CN1326053C - Contents delivery system, information processing apparatus or information processing method and computer program - Google Patents

Contents delivery system, information processing apparatus or information processing method and computer program Download PDF

Info

Publication number
CN1326053C
CN1326053C CN 200380100361 CN200380100361A CN1326053C CN 1326053 C CN1326053 C CN 1326053C CN 200380100361 CN200380100361 CN 200380100361 CN 200380100361 A CN200380100361 A CN 200380100361A CN 1326053 C CN1326053 C CN 1326053C
Authority
CN
China
Prior art keywords
content
client
license
certificate
copy
Prior art date
Application number
CN 200380100361
Other languages
Chinese (zh)
Other versions
CN1692339A (en
Inventor
村上干
久松史明
Original Assignee
索尼株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to JP2003014245A priority Critical patent/JP3791499B2/en
Application filed by 索尼株式会社 filed Critical 索尼株式会社
Publication of CN1692339A publication Critical patent/CN1692339A/en
Application granted granted Critical
Publication of CN1326053C publication Critical patent/CN1326053C/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material

Abstract

本发明涉及内容分发系统、信息处理设备或方法、以及计算机程序,并提供一种管理版权的环境,以使加密内容和对加密内容解码的许可证被处理为不同的事物。 The present invention relates to a content distribution system, the information processing apparatus or method, and a computer program, and to provide a copyright management environment, so that the encrypted content and a license for the encrypted content is decoded as different things. 而且,允许客户端合法地使用内容。 Moreover, it allows clients to legally use the content. 当客户端(A)获得的内容转移到另一客户端(B)时,客户端(B)的信息增加到所述内容上,以便标识客户端(B),由此实现在客户端(A,B)之间共享内容,同时确保保护这些内容。 When content client (A) was transferred to another when the client (B), the client (B) is added to the content information, to identify the client (B), thereby enabling the client (A share content, B), while ensuring the protection of the content. 允许获得许可证的任何用户用多个装置使用所述内容,同时防止对内容的任何非法使用。 It allows any user to obtain a license to use the content by a plurality of devices, while preventing any illegal use of content.

Description

内容分发系统、信息处理设备或方法、以及计算机程序 The content distribution system, the information processing apparatus or method, and a computer program

技术领域 FIELD

本发明涉及内容分发系统、使用内容的信息处理设备或方法、以及用于管理通过网络等分发的音乐数据、图象数据、诸如电子出版物的数字数据、运动图象和其它内容的使用的计算机程序。 The present invention relates to a content distribution computer system, using the music data, image data information processing apparatus or method using the content, and for managing the like distributed through a network, digital data such as electronic publications, and other moving picture content program. 具体地,本发明涉及内容分发系统、使用内容的信息处理设备或方法、以及用于管理符合使用条件或合同如许可证协议的内容的使用的计算机程序。 In particular, the present invention relates to a content distribution system, the information processing apparatus or method of use of content, and a computer program for managing compliance with the conditions of use such as the content of a contract or license agreement use.

更具体地,本发明涉及内容分发系统、使用内容的信息处理设备或方法、以及向内容用户授予许可证以控制内容使用并提供内容保护的计算机程序。 More particularly, the present invention relates to a content distribution system, the information processing apparatus or method of use of content, and the content license is granted to the user to control content usage and content protection in a computer program. 尤其是,本发明涉及内容分发系统、使用内容的信息处理设备或方法、以及允许许可用户从多个装置使用内容同时防止非法使用内容的计算机程序。 In particular, the present invention relates to a content distribution system, the information processing apparatus or method of use of the content, and allows the user permission to use content from a plurality of devices while preventing unauthorized use of the content of a computer program.

背景技术 Background technique

随着近年来因特网的广泛应用,计算机文件和各种数字内容在网络上大量分发。 With the extensive use of the Internet in recent years, computer files and mass distribution of digital content over a network. 由于宽带通信网络(xDSL[x数字用户线路]、CATV[有线电视]、无线网络等)的广泛应用,将要建立不导致压力就可向用户分发音乐数据、图象数据、诸如电子出版物的数字数据、运动图象和其它丰富内容的机构。 Since the broadband communication network (xDSL [x Digital Subscriber Line], the CATV [cable television], wireless network, etc.) is widely used to establish the pressure can not result in the distribution of music data, the image data to the user, such as a digital electronic publications data, images and other sports bodies rich content.

被分发的内容是数字数据,它容易被拷贝、伪造或进行其它操作。 Distributed content data is digital, it is easy to copy, forgery or other operations. 目前,这些内容被频繁地拷贝、伪造或进行其它非法操作。 Currently, these contents are copied frequently, counterfeit or other illegal operation. 此非法操作已经是削弱数字内容卖主利益的主因。 This is an illegal operation has weakened the interests of sellers of digital content main reason. 内容的价格因此被迫提高。 Therefore forced to raise the price of the content. 这导致恶性循环,因为价格提高妨碍内容的传播。 This leads to a vicious circle, because higher prices hinder the spread of content.

随着密码技术的使用,现在有可能在通信路径中保护内容不泄露给有恶意的第三方。 With the use of cryptographic techniques, it is now possible to protect content in the communication path is not leaked to a malicious third party. 然而,此问题不局限于内容分发过程。 However, this problem is not limited to content distribution process. 此问题在向授权用户提供内容之后因内容非法拷贝和内容非法使用而变得明显。 This problem After providing content to authorized users of illegal copies of content due to illegal use and content becomes apparent.

近来,一种称作“数字权利管理”(DRM)的技术适于解决以上数字内容问题。 Recently, a technique called "digital rights management" (DRM) technology suitable for solving the above digital content issues. 现在结合其有争议的几点来概述DRM技术。 Now combined with its controversial points to an overview of DRM technology.

DRM技术建立这样一种方案:在准许用户使用内容之前,用户不能使用内容。 DRM technology to establish such a program: before granting the user to use the content, the user can not use the content. 例如通过Microsoft的称作“Windows Media RightsManager”的系统或IBM的称作“Electronic Media ManagementSystem”(EMMS)的系统而提供此方案。 For example, this program provided by Microsoft called a "Windows Media RightsManager" system or IBM's called "Electronic Media ManagementSystem" (EMMS) system.

通常,DRM系统的参与方是内容提供商、许可证管理者以及用户。 Typically, the DRM system involved party content providers, licensing managers and users. 用户拥有内容再现设备,并使用该设备来欣赏内容。 Users with content reproduction device, and use that device to enjoy the content. 许可证管理者向用户发放许可证。 License manager licensing to the user. 内容提供商向用户提供内容。 Content providers to provide content to the user.

内容(Cont)由内容提供商分发。 Content (Cont) distributed by the content provider. 内容用密钥(内容密钥Kc)加密,并以格式E(Kc,Cont)格式分发,其中,内容密钥Kc随着内容而改变。 With a content key (contents key Kc) encrypted and distributed in format E (Kc, Cont) format, wherein the content with the content key Kc is changed. 在此规范中,所述格式的内容被称作“加密内容”。 In this specification, the contents of the format is called "the encrypted content."

当用户希望使用某个内容Cont时,用户请求许可证管理者发放许可证。 When a user wants to use a content Cont, the user requests a license manager licensing. 为响应此请求,许可证管理者执行记账过程和其它的过程,接着向用户发放许可证。 In response to this request, the license manager executes billing process, and other processes, then the user licensing.

更具体地,向用户的再现设备授予内容密钥Kc。 More particularly, grant reproducing content to a user device key Kc. 为了达到此目的,许可证管理者与每个再现设备共享加密密钥Ku。 For this purpose, each of the license manager and shared encryption key Ku reproducing device. 加密密钥Ku随着再现设备的不同而改变。 Different encryption key Ku as the reproducing apparatus is changed. (在许可证发放时共享加密密钥Ku,或者,在再现设备中包含共享的加密密钥。)内容密钥Kc用加密密钥Ku加密,并且,得到的加密数据E(Ku,Kc)传送给再现设备。 (When a shared encryption key Ku licensing, or comprising an encryption key sharing in the reproducing apparatus.) The key Kc encrypted using the encryption key Ku, and the resultant encrypted data E (Ku, Kc) transmitted to the reproduction apparatus. 此数据被称作“许可凭证”。 This data is referred to as "license certificate."

用于许可用户的再现设备可通过使用从许可凭证E(Ku,Kc)接收的加密密钥Ku以及加密内容E(Kc,Cont)而播放内容。 Reproducing apparatus for permitting a user may receive an encryption key Ku and the encrypted content E (Kc, Cont) and to play the content from a license voucher E (Ku, Kc) by using. 首先,用加密密钥Ku从许可凭证E(Ku,Kc)解密内容密钥Kc。 First, the key Kc from the license certificate E (Ku, Kc) to decrypt the content encryption key Ku. 接着,用内容密钥Kc从加密内容E(Kc,Cont)解密内容Cont,并再现。 Next, the content key Kc from the encrypted content E (Kc, Cont) to decrypt the content Cont, and playback. 从而,只有当再现设备/许可凭证/加密内容的组合正确时,才可使用内容。 Therefore, only when the reproducing apparatus in combination / permission credentials / correct the encrypted content, using the content available. 这意味着内容只能被许可用户使用。 This means that content can be licensed users.

为了保护内容使用权,再现设备必须防止解密内容泄露到外界。 In order to protect the right to use the content, the reproduction device decrypts the content must be prevented from leaking to the outside world. 为了达到此目的,再现设备必须执行使加密密钥Ku、内容密钥Kc和解密内容Cont不泄露给外界的过程。 For this purpose, the reproducing apparatus must perform the encryption key Ku, Kc and the content key to decrypt the content Cont is not leaked to the outside of the process. 理由是一旦解密内容泄露给外界,泄露内容就可被复制,从而无限制地使用。 The reason is once decrypted contents leaked to the outside world, leaked contents can be copied, so unlimited use. 换句话说,要求再现设备能执行不会把加密密钥Ku、内容密钥Kc和解密内容Cont泄露给外界的过程。 In other words, the reproducing apparatus can perform not requires an encryption key Ku, and the content key Kc to decrypt the content Cont leaked to the outside of the process. 在此规范中,符合此要求的再现设备被称作“合法”再现设备。 In this specification, the reproduction apparatus comply with this requirement is called the "legal" reproducing apparatus.

在DRM系统中,通过向用户的特定再现设备赋予内容密钥Kc而向用户授予内容许可证(允许使用)。 In the DRM system, the content key Kc is given by the reproducing apparatus to a user-specific content license granted to the user (allowed). 当以此方式授予许可证时,接收内容密钥Kc的再现设备必须是合法的。 When the license granted in this way, receiving the content key Kc reproduction equipment must be lawful. 从而,发放许可证的许可证管理者必须指定被许可人的特定再现设备,并只向合法再现设备赋予内容密钥。 Thus, licensing license manager must specify the particular licensee reproducing apparatus and reproducing apparatus gives only key to legitimate content. 为了做到这点,许可证管理者必需具有与合法再现设备有关的数据库,并且根据数据库而发放许可证。 To do this, managers must have a permit and legal reproduction equipment related databases, and while licensing according to the database.

然而,在存在许多再现设备的情况下,进行数据库搜索是需要大量时间和成本的过程。 However, in the case where there are a number of reproducing apparatus, a database search process requires a lot of time and cost. 尤其是,如果例如因为重复内容下载方案而频繁执行许可证发放过程,过多的负担就强加到包含数据库的服务器上。 In particular, if, for example because of duplicate content download programs to perform frequent licensing process, too much burden to impose on the server containing the database. 换句话说,DRM系统中的许可证发放过程不适于再现设备数量的增加。 In other words, DRM systems are not suitable for the licensing process to increase the number of reproduction equipment.

例如,当向特定用户提供内容时,在内容提供之前,执行用户验证过程。 For example, when providing content to a specific user, prior to providing the content, performs a user authentication process. 如果在此情况下使用DRM方法,除了用户验证以外还需要执行另外的过程,以指定用户的内容再现设备,并产生针对此再现设备的许可证。 If the DRM method used in this case, in addition to the need to perform additional user authentication process, the user to specify the content reproducing apparatus, and generating a license for this reproducing apparatus. 这降低内容提供处理速度。 This reduces the content providing processing speed.

尽管用户一般拥有并使用多个内容再现设备,但向特定再现设备授予内容许可证。 Although users generally have and use multiple content playback device, but awarded the license to a specific content reproducing apparatus. 从而,即使在用户所拥有的全部再现设备符合“合法”再现设备要求时,如果用户希望用多个再现设备使用相同的内容时,用户也必须重复地完成为每个再现设备获得许可证的程序。 Thus, even if all reproducing apparatus owned by the user in line with the "legal" requirements reproducing apparatus, if the user wants to use the same content reproduction device with multiple, user also must be repeated for each complete reproduction device licensed program . 执行此程序消耗大量的时间。 The implementation of this program consumes a lot of time. 进一步地,用户为每次使用相同的内容而被记费,从而,用户不得不支付额外的费用。 Further, each user is using the same content billing, thus, users have to pay extra.

由于现在分发行业已经成长,因此,多个内容分发商提供各种各样的内容。 Now that the distribution industry has grown, so more content distributors offer a variety of content. 然而,如果用户所拥有的全部再现设备都是“合法”的但在不同的内容分发商中注册以获得许可,那么,即使再现设备属于相同用户,也不能用不同的再现设备使用内容(内容不能共享)。 However, if all reproducing apparatus owned by the user are "legal", but registered in different content distributors to obtain a license, then even if reproducing apparatus belonging to the same user, nor can a different reproduction device uses content (content is not shared). 从而,不能获得在多个内容分发商中注册(或获得帐户)的优点。 Thus, can not obtain the advantages of registration in multiple content distributors in (or get account). 从内容分发商的观点出发,业务合作程度和用户便利水平都较低。 From the point of view of content distributors, business cooperation and the degree of user convenience levels are low.

发明内容 SUMMARY

本发明的目的是提供优秀的内容分发系统、使用内容的信息处理设备或方法、以及能根据使用条件或合同如许可证协议而最佳地管理内容使用的计算机程序。 Object of the present invention is to provide excellent content distribution system, the information processing apparatus or method of use of content, and can use conditions such as a contract or license agreement and a computer program used optimally manage content.

本发明的另一目的是提供优秀的内容分发系统、使用内容的信息处理设备或方法、以及能向内容用户授予许可证以控制内容使用并提供内容保护的计算机程序。 Another object of the present invention is to provide excellent content distribution system, the information processing apparatus or method of use of content, and the content of the user can be granted a license to use the content and to control content protection of a computer program.

本发明的还一目的是提供优秀的内容分发系统、使用内容的信息处理设备或方法、以及允许许可用户从多个装置使用内容同时防止非法使用内容的计算机程序。 A further object of the present invention is to provide excellent content distribution system, the information processing apparatus or method of use of the content, and allows the user permission to use content from a plurality of devices while preventing unauthorized use of the contents of a computer program.

为实现以上目的,已经进行了本发明。 To achieve the above object, the present invention has been made. 在本发明的第一方面中,内容分发系统向用户的客户端分发内容。 In a first aspect of the present invention, the content distribution system to distribute content client user. 用户可拥有两个或多个客户端,并且每个客户端根据获得的许可证而合法地使用内容。 Users can have two or more clients, and each client and the legitimate use of content under license obtained. 内容分发系统包括:注册部件,所述注册部件用于注册用户的每个客户端并获得与顾客相关的信息;用于管理顾客相关信息的顾客相关信息管理部件;内容提供部件,所述内容提供部件根据客户端的请求而向客户端提供内容;许可证提供部件,所述许可证提供部件根据已经从所述内容提供部件获得内容的客户端的请求,而向已发出请求的客户端提供用于获得内容的许可证;以及内容拷贝证书提供部件,所述内容拷贝证书提供部件向转移源客户端提供表示内容从用户的一个客户端转移到另一客户端合法的内容拷贝证书。 The content distribution system comprising: a registration member, the registration member for each client registered user terminal and obtain information related to the customer; customer-related information for managing customer information management section; content providing means providing the content member of the client's request to provide content to the client; means the licenses, the license request section member has been provided according to the customer obtaining content from the content side, but is provided for obtaining the client request has been made Where the license; copy of the certificate and a content providing means providing the content certificate copy content represented member provided to the transfer source client user moves from one client to another client legal copies of content certificates.

上述“系统”是多个装置(用于执行特定功能的功能模块)的逻辑集合。 The above-described "system" means a logical set of a plurality of (for performing a particular function module functions). 装置和功能模块不必总是位于单个壳体内。 Means and function modules need not always be located within a single housing.

在根据本发明第一方面的内容分发系统中,当下载到一个客户端的内容转移到另一客户端时,即使用户拥有多个客户端且所述客户端在不同的许可证服务器中注册,内容拷贝证书也附加到所述内容上,以表示内容转移目的地是合法的。 Registered in the content distribution system according to a first aspect of the present invention, when downloading content to a client transferred to another client, even if the user has multiple clients on different client and the license server, the content copy of the certificate is also attached to the content, content to indicate the transfer destination is legal. 转移目标客户端可根据内容拷贝证书而获得接收的内容,并核实再现权是否合法。 Transfer target client can obtain a copy of the received content based on the content of the certificate and verify the legality of reproduction rights.

换句话说,即使用户拥有的多个客户端在不同的许可证服务器中注册,根据本发明第一方面的内容分发系统也允许许可用户从多个装置使用内容,同时防止内容的非法使用。 In other words, even if the end user has a plurality of clients in different servers registered in the license, a content distribution system according to a first aspect of the present invention also allows the user to use content from a plurality of licensed devices, while preventing the illegal use of content. 进一步地,促进内容分发服务的使用,因为当用户从多个客户端使用内容时,强加到用户上的工作量减少。 Further, promoting the use of content distribution services, because when the user to use content from multiple clients, the workload imposed on the user is reduced.

如上所述,当内容分发商互相合作时,完成多个客户端共享的内容。 As mentioned above, when the content distributors to cooperate with each other to complete multiple clients to share content. 在内容转移源的客户端和在内容转移目的地的客户端可在不同的内容分发商中注册。 Transfer the contents of the source client and the content of the transfer destination client can register in different content distributors. 在此情况下,内容分发商可通过顾客相关信息提供部件而互相查询顾客相关信息。 In this case, content distributors to provide parts by customer-related information and queries the customer-related information with each other. 注册内容转移源客户端的内容分发商只需执行用于确认内容转移目标客户端是相同用户所拥有的合法装置的过程。 Sign up content transfer source client content distributors only for confirming the contents of the transfer target client is a legitimate process devices owned by the same user.

上述内容拷贝证书提供部件可产生内容拷贝证书,所述证书包含用于转移目标客户端的许可证。 Copy the contents of the certificate to provide the above-described components may be generated copy of the content certificate, the certificate comprising a license transfer destination client. 在此情况下,转移目标客户端可从内容拷贝证书获得许可证,以使用内容。 In this case, the transfer target client can obtain a license from copies of the content certificate to use the content. 从而,转移目标客户端不必在内容分发商中注册,并直接获得许可证。 Thus, the transfer target client does not have to be registered in the content distributors, and direct access to licenses. 以此方式,可顺利地实现内容共享。 In this way, we can successfully implement content sharing.

可替换地,内容转移源客户端和内容转移目标客户端在不同的许可证提供部件中注册,从而,每个许可证提供部件向注册客户端提供各自的公共密钥。 Alternatively, the content transfer source client and the destination client transferring content at different license providing means register, whereby each license providing means provides a respective public key to register the client. 在此情况下,内容拷贝证书提供部件通过使用注册内容转移目标客户端的许可证提供部件的公共密钥而对内容拷贝证书电子签名,以防止内容拷贝证书被伪造并保证安全的内容转移。 In this case, copy the contents of electronic signature certificates provide parts and copy the contents of the certificate by using a registration content transfer target client's license to provide public key components to prevent copying the contents of the certificate is forged and secure transfer of content. 进一步地,转移目标客户端可用公共密钥实现解密,并获得内容许可证。 Further, the transfer target client can be used to achieve the public key to decrypt and obtain a content license.

内容拷贝证书提供部件获得从转移源客户端转移的内容的许可证ID以及转移目标客户端的客户端ID;向顾客相关信息提供部件发送查询,以核实转移源客户端是否合法,并核实转移源客户端是否获得将被转移内容的许可证,并进一步核实拥有转移源客户端的用户是否真地拥有转移目标客户端;并且,以最佳地防止内容拷贝证书被伪造或滥用的方式提供内容内容拷贝证书。 Copy the contents of a certificate providing means to obtain content end transfer from the transfer source client of the client ID of the license ID and the transfer target clients; providing parts to customer-related information send inquiries to verify the transfer source client is legitimate and verify the transfer source client end whether to obtain a license will be transferred content, and has further verify whether the transfer source client users really have transfer target clients; and to best prevent copying the contents of the certificate is forged or abused way to provide a copy of the certificate contents .

上述顾客相关信息提供部件只需管理以下表格:定义页ID与客户端ID之间关联的表格;定义客户端ID与客户端公共密钥证书之间关联的表格;定义客户端ID与用户ID之间关联的表格;定义内容ID与许可证ID之间关联的表格;定义用户ID与下载内容的内容ID之间关联的表格;定义用户ID与下载许可证的许可证ID之间关联的表格;以及内容拷贝证书发放的历史。 The customer-related information providing means only need to manage the following table: Table ID and the association between the defined page ID of the client; table defines association between the client ID and a client public key certificate; custom client ID and a user ID table between associated; form the link between ID and license ID definition content; association between the table and define a user ID to download the license license ID; form associations between content ID defined user ID and downloadable content; and a copy of the certificate issued by the historical content.

进一步地,内容提供部件每次向客户端提供内容时,和/或许可证提供部件每次向客户端提供许可证时,顾客相关信息提供部件都更新顾客相关信息。 Furthermore, when each component content providers to provide content to the client, and / or licenses to provide components each time to provide licenses to the client, customer-related information is updated components provide customer-related information.

根据本发明第一方面的内容分发系统进一步包括记帐过程部件,所述记帐过程部件根据提供给客户端的许可证而对该客户端执行记帐过程。 According to a first aspect of the present invention is a content distribution system further comprises a billing procedure member, the end of the billing process member performs a billing procedure in accordance with the client to provide a license to the client.

记帐过程部件对许可证提供记帐的金额与对内容拷贝证书提供记帐的金额不同。 Billing process part of the license to provide billing amount and the amount billed to copies of the content provided different credentials. 例如,对内容拷贝证书的收费等效于对第二许可证提供的收费,对内容拷贝证书的收费变得比对涉及相同内容的初始许可证获得的收费更低,或者减少到0(不收费)。 For example, the charge for copying the contents of the certificate is equivalent to the second license supplied charge, charge for copying the contents of the certificate becomes lower than the costs of the initial content relates to the same license obtained, or is reduced to 0 (no charge ). 这减少对从多个客户端使用内容的用户的成本负担,由此促进内容分发服务的使用。 This reduces the cost burden on the user to use the content from multiple clients, thus promoting the use of content distribution services.

在本发明的第二方面中,以计算机可读的形式写计算机程序,从而,所述程序在计算机系统上运行,以执行用于提供内容使用许可证的过程。 In a second aspect of the present invention, a computer-readable form to write a computer program, whereby the program is run on a computer system to perform a process for providing a license to use the content. 用户可拥有两个或多个客户端,并且每个客户端根据获得的许可证而合法地使用内容。 Users can have two or more clients, and each client and the legitimate use of content under license obtained. 计算机程序包括以下步骤:获得与将从内容转移源客户端转移的内容有关的许可证ID以及内容转移目标客户端的客户端ID;核实内容转移源客户端是否合法,并核实转移源客户端是否获得将被转移内容的许可证,并进一步核实拥有转移源客户端的用户是否真地拥有转移目标客户端;创建内容拷贝证书;以及向内容转移源客户端提供内容拷贝证书。 A computer program comprising the steps of: obtaining a license ID and content with the content transfer source client shift from content-related transfer target clients Client ID; verify the contents of the transfer source client is legitimate and verify whether the transfer source client to obtain whether or not to license the content to be transferred, and has further verified the transfer source client users really have transfer target clients; create a copy of the contents of the certificate; and transferring the source client to provide content to copy the contents of the certificate.

根据本发明第二方面的计算机程序是以计算机可读形式写的计算机程序的定义,所述计算机程序在计算机系统上执行特定的过程。 The computer program according to a second aspect of the present invention is defined in computer readable form to write a computer program, the computer program performing a particular process on a computer system. 换句话说,与根据本发明第一方面的内容分发系统的情形一样,当根据本发明第二方面的计算机程序安装在计算机系统上时,在计算机系统上执行协作行动,从而,允许多个客户端共享内容,同时保护内容。 In other words, the case with the content distribution system according to a first aspect of the present invention is the same as when mounted on a computer system a computer program according to a second aspect of the present invention, performing a cooperative action on the computer system, thereby allowing multiple clients end share content while protecting content.

从本发明优选实施例的以下描述以及附图中,本发明的其它目的、特征和优点将变得清晰。 The following description and drawings, other objects, features and advantages of the present invention from the preferred embodiment of the present invention will become apparent.

附图说明 BRIEF DESCRIPTION

图1为示出根据本发明一个实施例的内容分发系统的典型配置的示意图。 FIG 1 is a diagram showing the configuration of a content distribution system according to an exemplary embodiment of the present invention.

图2为示出用作服务器或客户端的主机的硬件配置的示意图。 FIG 2 is a schematic diagram showing a host as a client or server hardware configuration.

图3为示出用作客户端的主机的功能配置的示意图。 3 is a schematic functional configuration of a client host as shown.

图4为示出用作许可证服务器的主机的功能配置的示意图。 FIG 4 is a schematic diagram for the license server host functional configuration shown.

图5为示出用作内容服务器的主机的功能配置的示意图。 FIG 5 is a schematic diagram of the function of the host server as a content of the configuration shown.

图6为示出当客户端执行与许可证服务器有关的预注册程序时所采取的处理步骤的流程图。 FIG 6 is a flowchart illustrating a processing procedure performed when the license server client-related pre-registration procedures taken.

图7为示出客户端为下载内容而执行的处理步骤的流程图。 7 is a flowchart illustrating processing steps of a client for downloading content executed.

图8为示出内容服务器为下载内容而执行的处理步骤的流程图。 FIG 8 is a flowchart showing process steps executed for downloading content from the content server.

图9示出当内容服务器A向客户端A分发内容时使用的典型数据格式。 Figure 9 shows a typical data format when the content server A A distributing content to the client.

图10为示出客户端A为再现所下载内容而执行的处理步骤的流程图。 FIG 10 is a flowchart illustrating a processing procedure of the client A reproducing the downloaded content executed.

图11是示出为获得所需许可证而执行的处理步骤的流程图,其中,所述许可证允许客户端A再现下载的内容。 FIG 11 is a flowchart showing process steps performed to obtain the required license, wherein the license allows the client A playback the downloaded content.

图12为示出许可证服务器提供给客户端的许可证的数据结构的示意图。 FIG 12 is a schematic diagram illustrating a data structure of the license server client license is provided to.

图13为示出许可证服务器A为向客户端A提供许可证而执行的处理步骤的流程图。 13 is a flowchart showing process steps A license server provides a license to the client A executed.

图14为示出客户端对许可证服务器执行许可证更新过程而采取的处理步骤的细节的流程图。 FIG 14 is a flowchart showing a detailed processing procedure for the license server client license update process performs taken.

图15为示出许可证服务器为更新许可证而执行的过程的细节的流程图。 FIG 15 shows a flowchart illustrating details of the process of updating the license to the license server is performed.

图16为示出客户端A为从许可证服务器A获得内容拷贝证书而执行的处理步骤的流程图。 FIG 16 is a flowchart showing a processing procedure for obtaining the content A client certificate from the license server A copy executed.

图17为示出许可证服务器A为响应客户端A的请求而发放内容拷贝证书所执行的处理步骤的流程图。 FIG 17 is a flowchart illustrating the processing steps A license server copy the contents of the certificate is performed in response to customer A's request and payment terminal.

图18为示出内容拷贝证书的数据结构的示意图。 FIG. 18 shows a schematic view of a data structure of the content certificate is copied.

图19为示出客户端A所执行的客户端之间内容转移处理步骤的流程图,其中,客户端A是内容转移源。 FIG 19 is a flowchart showing the content between client A client process executed by the transfer step, in which the client A is the content transfer source.

图20为示出客户端B为获得内容而执行的处理步骤的流程图,其中,客户端B是内容拷贝目的地。 FIG 20 is a flowchart showing a processing procedure to obtain the content client B executed, in which the client B is the content of the copy destination.

图21示出当客户端根据从许可证服务器提供的许可证而使用从内容服务器提供的内容时执行的过程。 FIG 21 shows a process when a client to use the content provided from the content server under license from the license server execution.

图22示出EKB结构。 22 shows the structure of EKB.

具体实施方式 Detailed ways

现在结合附图描述本发明的实施例。 Embodiments described in conjunction with embodiments now to the drawings of the present invention.

图1示意性地示出根据本发明一个实施例的内容分发系统的典型配置。 FIG 1 schematically illustrates a typical configuration of a content distribution system according to an embodiment of the present invention. 在图示实例中,内容分发系统可分为提供内容的内容分发方以及顾客方。 In the illustrated example, the content distribution system can be divided into a content providing content distributor and customer side. 内容分发方与顾客方例如用因特网或其它宽带通信网络(xDSL[x数字用户线路]、CATV[有线电视]、无线网络等)互连。 Content distribution side and the customer side, for example, with Internet or other broadband communication network (xDSL [x Digital Subscriber Line], the CATV [cable television], wireless network, etc.) are interconnected.

如图所示,内容分发方包括多个分发商,如分发商A和分发商B。 As shown, the content distributor comprises a plurality of distributors, such as distributor distributing A and B.

每个分发商包括许可证服务器、内容服务器、记帐服务器和操作数据库服务器。 Each distributor includes a license server, content server, billing server and database server operations. 许可证服务器为顾客的每个内容再现设备(以下称作“客户端”)提供用户(客户端)注册和内容许可。 Server license for each content reproduction device customer (hereinafter referred to as "clients") provides the user (client) registration and license content. 内容服务器储存将要提供的内容,并执行分发过程。 The content server storing the content to be provided, and the implementation of the distribution process. 记帐服务器在用户注册和/或许可证提供时(和在内容拷贝证书(在后面描述)发放时)执行记帐过程。 Accounting server when a user registration and / or license provided (and at the time of copying the contents of the certificate (described later) issued) performs a billing procedure. 操作数据库服务器储存向顾客或客户端授予内容许可证所需的各种数据。 Operational database server to store various data content to grant the customer or client licenses required.

在本实施例中,分发商例如用因特网或其它中枢通信网络互连。 In the present embodiment, for example, a distributor with the Internet or other interconnecting network communication backbone. 进一步地,为了分发商之间的顺利协作,建立操作数据库服务器C(DBC),以控制每个分发商的操作数据库。 Further, in order to distribute the successful collaboration between business, the establishment of operational database server C (DBC), to control the operation of each distributor's database.

如果在当地未找到用户信息,分别为分发商A和B设置的操作数据库服务器A(DB A)和操作数据库服务器B(DB B)就查询操作数据库服务器C(DB C)。 If the user information is not found locally, were operating a database server A (DB A) A and B set up distribution and operation of the database server B (DB B) to query the database server C (DB C). 服务器A和B执行所需的同步过程,以确保在操作数据库服务器C中反映更新。 Servers A and B required to perform a synchronization process to ensure that the update is reflected in the operation of the database server C. 然而,操作数据库服务器C是可选的。 However, the operation of the database server C is optional. 它可用使操作数据库服务器A和B共享信息的某个方案来替代。 It makes available to operate the database servers A and B share a program information instead.

在图1所示实例中,分发商A和B具有它们自己的许可证服务器、记帐服务器、内容服务器和操作数据库服务器。 In the example shown in Figure 1, distributor A and B have their own license servers, accounting servers, content servers, and database servers operation. 可替换地,分发商可共享某个服务器或全部服务器。 Alternatively, the distributor may share a server or all servers. 另一替代例是让一个分发商使用其它分发商的内容服务器。 Another alternative is to use a distributor to distribute other's content server.

在内容分发系统中存在许多顾客。 There are many customers in the content distribution system. 然而,在图1所示实例中,为绘图简单起见,只示出一个顾客。 However, in the example shown in Figure 1, it is a drawing simplicity, shows only a customer. 图中所示顾客具有多个内容再现设备,包括客户端A和客户端B。 FIG customer having a plurality of content reproducing apparatus, including client A and client B. 每个客户端符合“合法”再现设备条件,并且能执行不向外界泄露加密密钥、内容密钥和解密内容的过程,其中,所述条件结合DRM技术而定义。 Each client matching "valid" condition reproducing apparatus, and can be performed without leakage to the outside the encryption key, the content key and the decryption process of the content, wherein the DRM technology defined binding conditions.

在图示实例中,客户端A在分发商A中预注册,并且能从分发商A接收内容和获得许可证。 In the illustrated example, client A distributor A pre-registration, and receive content from distributor A and licensed. 客户端B在分发商B中预注册,并且能从分发商B接收内容和获得许可证。 Client B pre-registered in the distributor B, and B receives content from the distributor and obtain a license.

客户端A执行对于许可证服务器A的预注册程序,并向许可证服务器A发出许可证获得请求。 A client implementation of the pre-registration process for the license server A, and to issue a permit request to obtain the license server A. 客户端B执行对于许可证服务器B的预注册程序,并向许可证服务器B发出许可证获得请求。 Client B perform pre-registration program for a license server B, and to issue a permit request to obtain the license server B. 假设许可证服务器A和B互相具有对于另一服务器的秘密密钥。 Suppose A and B have a license server to another server secret key with each other.

当内容从客户端A转移到客户端B时,其上由客户端A写内容的记录介质转移到客户端B。 When the content from the client A to client B, client A on which the recording medium is transferred to write the content to the client B. 替代方案是通过个人网络传送内容。 The alternative is delivering content through a personal network. 然而,当内容从客户端A转移到客户端B时,假设作为内容转移源的客户端A已经从分发商购买内容(或获得许可证)。 However, when the content is transferred from client A to client B, assuming that the customer transfer source as the content side A has purchased content from the distributor (or licensed).

在本实施例中,用户ID用于用户验证(在后面详细描述)。 In the present embodiment, a user ID used for user authentication (described in detail later). 然而,可使用客户端ID来取代用户ID,客户端ID用于标识各个客户端。 However, the client ID may be used instead of the user ID, the client ID for identifying the respective client. 用户的用户ID随着分发商所提供的服务而变化。 The user ID with the service provided by the distributor changes. 然而,假设特定用户的用户ID通过使用各种操作数据库而互相关联(串在一起),以允许每个分发商识别相同的用户。 However, given a particular user ID by using various databases and operations related to each other (strung together), to allow the user to identify the same for each distributor. 客户端ID也由操作数据库服务器A、B和C管理。 Client ID by the operation of the database server A, B and C administration. 在本实施例中,使用用户ID和口令来进行验证。 In the present embodiment, a user ID and password for authentication. 可替换地,可使用客户端ID(装置ID)来进行验证(装置验证)。 Alternatively, it can be verified (verification means) using the client ID (device ID). 另一替代方案是根据装置验证与用户验证的组合来处理用户信息。 Another alternative is to process the information according to the user authentication apparatus in combination with user authentication.

根据本实施例的内容分发系统基于以下前提条件:(1)提供根据内容分发商或版权拥有者的愿望而限制顾客所使用分发内容范围(执行版权管理)的环境;(2)在上述版权管理环境中,加密内容和用于对此加密内容解密的许可证被独立处理;(3)每个客户端都设置用于版权管理和保护的信息处理方法(“合法”);(4)从各个内容分发商接收内容的客户端互不相同;(5)每个客户端在它自己中或在可连接到客户端的记录介质上储存接收到的内容;(6)当客户端共享内容时,顾客通过记录介质或有线或无线通信链接而在客户端之间转移内容;以及(7)可交换或共享由各个内容分发商拥有的顾客相关信息(如与顾客有关的信息、顾客所拥有的客户端、以及所购买的内容)。 Based on the following prerequisites content distribution system according to the present embodiment: (1) providing the wishes of the content distributor or copyright owner to restrict the distribution range of content (execution Rights Management) used by the customer environment; (2) the above copyright management environment, encrypted content and license for this decrypting the encrypted content to be processed independently; (3) are set for each client information processing method, rights management and protection ( "legal") is used; (4) from each content delivery client terminal receives the content providers different from each other; (5) for each client in its own or in connection to the storage content may be received on the recording medium of the client; (6) when a client share content, customer through a recording medium or a wired or wireless communication link and transfer content between the client; and (7) exchangeable or share customer information (such as information relating to the customer by the respective content distributors have, owned by the customer client and content purchased).

当在以上前提条件下客户端A获得的内容储存在客户端B上时,根据本发明的内容分发系统在所述内容上增加与客户端B有关的信息(“内容拷贝证书”[后面描述],它包含客户端装置ID等)。 When the above content in the obtained client A prerequisite stored on client B, the content distribution system according to the present invention increases information relating to the client B ( "Content Certificate Copy" on the content [described later] it includes a client device ID, etc.). 以便标识客户端B。 To identify the client B. 以此方式,在保护内容的同时,在客户端A和B之间允许内容共享。 In this manner, while protecting the content between the client A and B allows content sharing. 然而,客户端A已经从分发商购买目标内容(或获得许可证)。 However, Client A has purchased from the distributor target content (or licensed). 在后面描述用于内容共享的处理步骤的细节。 Described later for details of the processing steps of the content sharing.

图2为示出在根据本实施例的内容分发系统中用作服务器或客户端的主机的硬件配置的示意图。 FIG 2 is a schematic of a hardware configuration of the host server or as a client in a content distribution system according to the present embodiment is shown.

参考号101代表用作主控制器的CPU(中央处理单元)。 Reference numeral 101 denotes a CPU as a main controller (central processing unit). 在操作系统(OS)的控制下,CPU 101执行各种应用程序。 Under the control of an operating system (OS) is, CPU 101 executes various application programs. 如果在本实施例中主机是客户终端,CPU 101就执行客户端应用程序,所述客户端应用程序完成在分发商中的预注册,下载内容,获得许可证,储存内容,并执行各种其它的操作服务。 In the present embodiment, if the host is a client terminal, CPU 101 executes a client application, the client application to complete the pre-registered in the distributor, downloads the content, a license is obtained, stored content, and performing various other the operational services. 另一方面,如果主机用作许可证服务器、内容服务器、记帐服务器、操作数据库服务器或其它相似的服务器,CPU 101就执行各种服务器应用程序。 On the other hand, if the host is used as the license server, content server, billing server, database server, or other similar operations server, CPU 101 executes the various server applications. 如图中所示,CPU 101通过总线108而互连到其它装置(在后面描述)。 As shown therein, CPU 101 are interconnected by a bus 108 to other devices (described later).

参考号102代表主存储器,所述主存储器是用于装入在CPU 101中执行的程序代码或临时储存执行程序的工作数据的存储装置。 Reference numeral 102 represents a main memory, the main memory is used to load a program code executed in the CPU 101 or temporarily stores working data storage means executing a program. 例如,DRAM(动态RAM)或其它相似的半导体存储器用作主存储器102。 For example, DRAM (dynamic RAM), or other similar semiconductor memory 102 as a main memory. 如果主机是客户终端,CPU 101就把客户端应用程序装入到主存储器102中,作为将被执行的程序,所述客户端应用程序用于完成在分发商中的预注册,下载内容,获得许可证,储存内容,并执行各种其它的操作服务。 If the host is a client terminal, CPU 101 put the client application is loaded into the main memory 102 as a program to be executed, the client application program for performing the pre-registered in the distributor, downloads, to obtain license, store content, and perform various other operations services. 另一方面,如果主机用作许可证服务器、内容服务器、记帐服务器、操作数据库服务器或其它相似的服务器,CPU 101就把各种服务器应用程序装入到主存储器102中,作为将被执行的程序。 On the other hand, if the host is used as the license server, content server, billing server, database server, or other similar operations server, CPU 101 put the various server applications loaded into the main memory 102, as will be executed program.

参考号103代表ROM(只读存储器),ROM是用于永久储存数据的半导体存储器。 Reference numeral 103 denotes ROM (read only memory), ROM memory for permanent storage of data of the semiconductor. 例如,用于启动的自诊断测试(POST:通电自测试)和硬件输入/输出程序代码(BIOS:基本输入/输出系统)写入到ROM 103中。 For example, for starting a self diagnostic test (POST: power on self test) and hardware input / output program code (BIOS: Basic Input / Output System) is written into the ROM 103.

参考号104代表显示控制器,它是用于处理CPU 101所发出的绘图命令的专用控制器。 Reference numeral 104 represents a display controller, which is a dedicated controller for processing drawing commands issued by the CPU 101. 显示控制器104处理的绘图数据例如临时写在帧缓冲器(未示出)中,并随后输出到显示器111,以显示图象。 Display controller 104 processes the drawing data temporarily written in the frame buffer (not shown), and then output to the display 111, for example, to display an image. 显示器111的屏幕在视觉上向用户反馈用户输入信息及其处理结果(更具体地,内容再现屏幕)或错误和其它系统消息。 Screen display 111 is a visual feedback to the user on the user input information and processing results (more specifically, the content reproduction screen), or other errors and system messages.

参考号105代表输入装置接口,它是用于把键盘112和鼠标113或其它用户输入装置连接到交互式装置100的装置。 Reference numeral 105 denotes an input device interface, which is used to keyboard 112 and mouse 113 or other user input device is connected to the apparatus 100 of the interactive apparatus.

参考号106代表网络接口,它遵守Ethernet(注册商标)或其它相似的预定通信协议,并使系统100连接到局部网络如LAN(局域网)或广域网如因特网。 Reference numeral 106 represents a network interface, it complies with Ethernet (registered trademark), or other similar predetermined communication protocol, and the system 100 is connected to a local network such as a LAN (Local Area Network) or wide area network such as the Internet. 在车载终端等的情况下,网络接口106可以是通过移动电话或其它相似的无线通信链接而连接到广域网的接口。 In the case where the vehicle-mounted terminal or the like, the network interface 106 may be connected via an interface to a wide area network like a mobile phone or other wireless communication link.

在网络中,多个主机终端(未示出)以透明状态互连,建立分布式计算环境。 In the network, a plurality of host terminals (not shown) interconnected in a transparent state, the establishment of a distributed computing environment. 在网络内可执行例如用于分发软件程序和数据内容的分发服务。 For example executable within the network for distributing software programs and data content distribution service.

例如,如果主机是客户终端,就有可能下载客户端应用程序,所述客户端应用程序用于完成在内容分发商中的预注册,下载内容,获得许可证,储存内容,并执行各种其它的操作服务。 For example, if the host is a client terminal, it is possible to download the client application, the client application used to complete the pre-registration in the content distribution business in, downloads, get a license, storing content, and perform a variety of other the operational services. 还有可能通过网络而下载各种程序,包括那些用于完成在内容分发商中的预注册、从内容服务器下载内容、从许可证服务器获得许可证,并执行与所获得许可证有关的记帐过程的程序。 It is also possible to download a variety of programs through the network, including those for the completion of pre-registration in the content distribution business in, get a license from the license server to download content from the content server and performs billing relevant permits obtained program process. 进一步地,有可能通过网络执行未编译的源程序和已编译的目标程序。 Further, it is possible to perform non-compiled source code and compiled object program through the network. 如果主机用作许可证服务器、内容服务器、记帐服务器、或操作数据库服务器,就有可能通过网络下载各种服务器应用程序,并通过网络执行各种程序,包括那些用于完成在顾客的客户终端中的预注册、分发内容、提供许可证,并执行与所提供许可证有关的记帐过程的程序。 If the host for the license server, content server, billing server, database server, or operating, it is possible to download a variety of server applications over a network, and executes various programs across the network, including those for the customer to complete the client terminal the pre-registration, content distribution, provide the license and perform procedures related to the license provided by the billing process.

参考号107代表外部装置接口,它把硬盘驱动器(HDD)114、介质驱动器115和其它外部装置连接到主机100。 Reference numeral 107 denotes an external device interface, to which a hard disk drive (HDD) 114, media drive 115, and other external device connected to the host computer 100.

硬盘驱动器114是外部存储装置(众所周知),在硬盘驱动器114中安装用于存储的固定磁盘。 Hard disk drive 114 is an external storage means (well known), a fixed disk storage drive 114 in the hard disk. 它例如在存储容量和数据传输速率方面优于其它外部存储装置。 It is superior to other external storage devices, for example, in storage capacity and data transfer rate. 以可执行方式在硬盘驱动器114上放置软件程序被称作程序在系统上的“安装”。 A software program executable manner is placed on the hard disk drive 114 is referred to as the program on the system "installation." 在正常条件下,硬盘驱动器114以非易失性方式储存将被CPU 101执行的操作系统的程序代码、应用程序、装置驱动器等。 Under normal conditions, a hard disk drive 114 is stored in a nonvolatile manner to be executed by CPU 101 operating system program code, application, device driver and the like.

例如,如果主机是客户终端,就有可能在硬盘驱动器114上安装客户端应用程序等,所述客户端应用程序等用于完成在内容分发商中的预注册,下载内容,获得许可证,储存内容,并执行各种其它的操作服务。 For example, if the host is a client terminal, it may be installed on the hard disk drive 114 and other client application, the client application programs and the like for the completion of pre-registration of the content distribution provider, download content, a license, storage content, and perform various other operations services. 还有可能在硬盘驱动器114上储存从内容分发商下载的内容(或通过记录介质等从另一客户终端转移的内容)、以及内容许可证等。 It is also possible to store contents downloaded from the content distributor 114 on the hard drive (or transferred from another client terminal via a recording medium or the like content), content and licenses. 进一步地,如果主机用作许可证服务器、内容服务器、记帐服务器、操作数据库服务器或其它相似服务器,就有可能在硬盘驱动器114上安装各种服务器应用程序,并在硬盘驱动器114上储存内容分发操作所需的顾客相关信息(与顾客有关的信息、顾客所拥有的客户端、以及所购买的内容等)。 Further, if the host is used as the license server, content server, billing server, database server, or other similar operations server, it is possible to install various applications on the server hard disk drive 114, the content distribution and storage on the hard drive 114 customer-related information needed to operate (customer-related information, customers have a client, and the purchased content, etc.).

介质驱动器115接受可移动介质如CD(紧凑盘)、MO(磁光盘)和DVD(数字多用途盘),并访问其数据记录表面。 The media drive 115 accepts a removable medium such as a CD (compact disk), MO (magneto optical disk) and DVD (Digital Versatile Disc), and to access its data recording surface.

可移动介质主要用于以计算机可读形式备份软件程序和数据文件,并在系统之间传输软件程序和数据文件(用于销售、分发、传播和其它相似目的)。 Primarily for backup removable media software programs and data files in a computer-readable form, and the transmission system between software programs and data files (for sale, distribution, propagation and other similar purposes). 例如,可移动介质用于物理分发或传播客户端应用程序,所述客户端应用程序用于完成在内容分发商中的预注册,下载内容,获得许可证,储存内容,并在多个装置中执行各种其它操作服务和各种服务器应用程序。 For example, the removable medium for physical distribution or dissemination of a client application, the client application program for performing pre-registration of the content distribution provider, download content, a license is obtained, stored content, and the plurality of devices performing various other operations services and a variety of server applications. 可移动介质还用于在客户终端之间转移从内容分发商下载的内容。 Removable media between a client terminal is further configured to transfer the content downloaded from the content distributor. 进一步地,分发商使用可移动介质来交换或共享内容分发操作所要求的顾客相关信息(与顾客有关的信息、顾客所拥有的客户端、以及所购买的内容等)。 Furthermore, distributor using removable media to exchange or sharing of content distribution required for the operation of customer-related information (Customer-related information, customers have a client, and the purchased content, etc.).

图3示意性地示出用作客户端的主机的功能配置。 3 schematically shows as a functional configuration of the client host. 如图中所示,客户端包括预注册部分、内容下载部分、内容存储部分、内容转移过程部分、许可证获得和管理部分、记帐过程部分以及内容再现过程部分。 As shown, the client part includes a pre-registration, content downloading section, a content storage section, the content transfer process section, and obtaining the license management section, part of the billing process and a content reproduction process section. 当CPU 101执行预定的程序模块时,实际上是执行图中所示的功能模块。 When the CPU 101 executes a predetermined program modules, executed as shown in function block is actually in FIG.

预注册部分执行相对许可证服务器的预注册过程,假设客户端从特定分发商接收内容,并获得内容的许可证。 Pre-registration section performs pre-registration process is relatively license server, assuming the license client receives content from a particular distributor, and access to content. 预注册过程的细节在后面描述。 Details of the pre-registration process described later.

内容下载部分执行从分发商的内容服务器下载所希望内容的过程,其中,已对分发商执行预注册过程。 Download content distribution part of the implementation's server to download content from the desired content of the process in which the pre-registration process has been performed on the distributor. 在正常条件下,在用户从客户端浏览器屏幕选择内容之后,开始内容下载。 Under normal conditions, after the user selects content from the client browser screen, start downloading content. 内容下载过程不作详细描述,因为它是众所周知的。 Content download process is not described in detail since it is well known. 下载的内容储存在内容存储部分中。 Downloaded content stored in the content storage section.

许可证获得和管理部分从许可证服务器获得用于使用从内容服务器下载的内容所需的许可证,或用于使用通过内容转移过程部分而从相同用户的另一客户端获得的内容所需的许可证。 And obtaining the license management section required for a license to use the content downloaded from the content server from a license server, or for the desired use of the content obtained by the same user from another client by the content transfer process portion license. 进一步地,许可证获得和管理部分管理所获得的许可证以及在预注册时获得的信息。 Further, to obtain licenses and permits obtained management section management and information obtained during pre-registration.

如果获得的许可证过期,许可证获得和管理部分就执行与许可证服务器有关的许可证更新过程。 If you get a license expires, the license acquisition and management section on the implementation of the license renewal process associated with the license server. 许可证获得过程和许可证更新过程在后面详细描述。 The process of obtaining licenses and license renewal process is described in detail later.

当下载的内容转移(拷贝)到相同用户的另一客户端时,许可证获得和管理部分从许可证服务器获得内容拷贝证书。 When downloaded content transferred (copied) to another user when the same client terminal, and manage the license obtaining section obtains a certificate from the license server copy content. 另外,许可证获得和管理部分把所获得的内容拷贝证书的序列号记录为“已使用的内容拷贝证书”。 In addition, the license acquisition and management section to record the serial number of the certificate obtained copies of the content is "copy the contents of the certificate has been used." 内容拷贝证书获得过程在后面详细描述。 Copy the contents of the certificate to obtain the process described in detail later.

当从附加内容拷贝证书的另一客户端拷贝内容时,许可证获得和管理部分储存从内容拷贝证书获得的许可证。 When copying content from another copy of the client certificate end of the additional content, the license obtaining and storing the license management section obtained from the copy of the content certificate.

记帐过程部分连接到分发商的记帐服务器,并且基于获得内容使用(内容再现)许可证的价格和基于获得内容拷贝证书的价格而执行与支付有关的过程。 Billing process part connected to the distributor's billing server, and is based on the use of content obtained (content reproduction) price of the license and the process is executed based on price-related content to obtain a copy of the certificate and payment. 所述内容从内容服务器下载或通过内容转移过程部分而从相同用户的另一客户端获得。 Download the content or obtained from another client users the same part of the process by the content transfer from a content server.

在本实施例中,可对获得内容拷贝证书收费或不收费。 In the present embodiment, the certificate can be copied with or without charge to obtain content. 当对获得内容拷贝证书收费时,可使其价格变得比正常获得许可证的价格更低。 When obtaining a copy of the contents of the certificate fee, you can make the price even lower than the normal price of a license. 这些调整由有关的内容分发商制订,并由记帐服务器控制。 These adjustments related content developed by distributors, by the accounting server control.

内容再现过程部分从内容存储部分获得所希望的内容,使用储存在许可证获得和管理部分中的许可证(或从内容拷贝证书获得的许可证)而对加密内容数据进行解密和解码,并且执行用于再现内容的过程。 The content reproduction process section obtains desired content from the content storage section, a license (or a copy of the certificate obtained from the content license) is obtained and the license management section in the storage and use of the encrypted content data is decrypted and decoded, and executed a process for reproducing content. 执行内容再现过程,以使音乐数据发出声音或在显示屏幕上显示视频数据。 Performing a content reproduction process so that the musical sound data or video data displayed on a display screen.

内容转移过程部分在相同用户的客户端之间转移内容。 Partial transfer of the content transfer process between the same user content client. 当内容从一个客户端转移到另一客户端时,内容转移过程部分访问内容存储部分,以获得目标内容,在内容上附上从许可证服务器获得的内容拷贝证书,并且把内容写到可移动记录介质上,或通过有线或无线通信路径传输内容。 When the content is transferred from one client to another client, the content transfer process part to access the content storage section, to obtain the target content, content copy attached certificate obtained from the license server in the content, and writes the contents of the movable on a recording medium, or transmitted contents through a wired or wireless communication path.

相反,当从另一客户端获得转移的内容时,内容转移过程部分从插入的记录介质读取内容,或通过有线或无线通信路径接收内容。 Conversely, when acquiring the contents transferred from another client, the portion of the media content transfer process of the records read from insertion, or receive content via wired or wireless communication path. 以此方式转移的内容储存在内容存储部分中。 In this way the transfer of the contents stored in the content storage portion. 在此情况下,内容转移过程部分从附在内容上的内容拷贝证书获得许可证,并且在许可证获得和管理部分中储存许可证。 In this case, the content transfer process from the content portion of a license attached to the content on the copy of the certificate, and obtains the management section and the license stored in the license.

图4示意性地示出用作许可证服务器的主机的功能配置。 FIG 4 schematically illustrates the function for the license server host configuration. 如图中所示,许可证服务器包括预注册部分、许可证发放部分、许可证存储部分以及数据库管理部分。 As shown, the license server comprises a pre-registration portion license issuance section, storage section, and the license management database section. 当CPU 101执行预定的程序模块时,实际上是执行图中所示的功能模块。 When the CPU 101 executes a predetermined program modules, executed as shown in function block is actually in FIG.

预注册部分对客户端执行预注册过程,假设客户端使用分发商的内容分发服务。 Pre-registration section of the client to perform pre-registration process, assuming the client to use the content distributor's distribution service. 预注册过程在后面详细描述。 Pre-registration process described later in detail.

许可证存储部分储存从分发商提供内容所需的许可证。 License storage section stores provide the required licenses from the content distributor. 可使用许可证ID和其它的许可证指定信息来搜索每个许可证。 Licenses and other ID can be used to specify the license information to search for each license.

许可证发放部分访问许可证存储部分,以获得客户端使用下载内容所需的许可证,并且,把获得的许可证传送到产生许可证请求的客户端。 Licensing partial access license storage section to obtain a license to use the client download required, and to transfer the license obtained to generate client license requests. 进一步地,许可证发放部分向记帐服务器发出通知,因为将为所发放的许可证而对客户端记帐。 Further, part of the licensing notice to the billing server, since the issuance of the license and will bill the client. 许可证发放部分还具有在许可证上增加页ID的功能(用于处理从许可证存储部分获得的许可证的功能)。 Licensing portion further has an increased page ID in the license function (processing function for obtaining the license from the license storage section).

当用户从一个客户端向另一客户端转移内容时,许可证发放部分发放表示内容转移合法的内容拷贝证书。 When users move content from one client to another client, licensing part payment represents the transfer of the contents of legal copies of content certificate. 许可证发放部分向内容将从其转移的客户端传送证书。 Licensing part of the content transferred from a client transfer certificate. 结合内容拷贝证书的发放,许可证发放部分向记帐服务器发送通知,以进行客户端记帐。 Copy the contents of a certificate issued in conjunction with, the licensing portion of the notification is sent to the accounting server for client billing.

在本实施例中,可对获得内容拷贝证书收费或不收费。 In the present embodiment, the certificate can be copied with or without charge to obtain content. 当对获得内容拷贝证书收费时,可使其价格变得比正常获得许可证的价格更低。 When obtaining a copy of the contents of the certificate fee, you can make the price even lower than the normal price of a license. 这些调整由有关的内容分发商制订,并由记帐服务器控制。 These adjustments related content developed by distributors, by the accounting server control.

进一步地,许可证发放部分根据客户端更新已过期许可证的请求而执行许可证更新过程。 Further, part of the licensing process and the implementation of license update client update request has expired permit under. 许可证更新过程在后面详细描述。 License update process is described in detail later.

数据库管理部分利用操作数据库而注册预注册部分中的预注册条目、以及与许可证发放部分所发放许可证有关的信息。 Use database management part of the operation of the database pre-registered pre-registration entry registration section, as well as licensing information relating to license issuance section. 接着,数据库管理部分更新这些注册信息。 Then, the database management section to update the registration information.

图5示意性地示出用作内容服务器的主机的功能配置。 FIG 5 schematically illustrates the function of the host is used as a content server configuration. 如图中所示,内容服务器包括传送/接收部分、分发内容存储部分、内容去除部分以及加密部分。 As shown, the content server includes a transmission / reception section, distributing the content storage portion, and removing portions of the encrypted content portion. 当CPU 101执行预定的程序模块时,实际上是执行图中所示的功能模块。 When the CPU 101 executes a predetermined program modules, executed as shown in function block is actually in FIG.

传送/接收部分从客户端接收内容请求(用于确定内容的信息),并向请求客户端传送确定的内容数据。 Transmission / reception section receives the content request (for determining information content) from the client, and the client requests content data transfer determined.

分发内容存储部分储存和管理分发商操纵的内容数据,以提供分发服务。 Content distribution content data storage portion of the storage and management of distributors manipulated to provide distribution services. 在本实施例中,内容数据用ATRAC3(自适应传输音频编码3)格式编码,并储存在分发内容存储部分中。 In the present embodiment, the content data using the ATRAC3 (Adaptive Transmission Audio Coding 3) format encoding, distributed and stored in the content storage section.

内容去除部分分析用于确定内容的信息,从分发内容存储部分获得确定的内容,并向加密部分传递内容,其中,所述信息由传送/接收部分接收。 Removing a portion of the content analysis information for determining the content, obtaining content determined from the content distribution storage section, and encrypting part of the content delivery, wherein said information by the transmission / reception section receives.

加密部分使用内容密钥Kc对将要分发给客户端的内容进行加密。 Encrypted content key Kc using part of the content will be distributed to the client is encrypted.

数据库管理部分注册与对客户端执行的内容分发服务有关的信息。 Database management part of the registration and execution of client content distribution service related information. 接着,数据库管理部分更新此注册信息。 Then, the database management section to update this registration information.

在内容共享处理之前,客户端A和B分别访问许可证服务器A和B,以执行预注册过程。 Before sharing content processing, client access licenses A and B, respectively, server A and B, to perform the pre-registration process. 执行预注册过程,以获得“服务数据”,其中,服务数据包含页ID、DNK(装置节点密钥)、每个客户端的一对秘密密钥和公共密钥、许可证服务器公共密钥、以及每个公共密钥的证书。 Perform pre-registration process, in order to obtain "data service", where service data includes a pair of secret and public keys page ID, DNK (device node key), for each client, the license server public key, and each public key certificate.

页ID代表分配给每个客户端的标识信息。 Page ID represents identification information is assigned to each client. DNK是对加密内容密钥Kc解密所需的装置节点密钥,DNK包含在与客户端许可证相应的EKB(允许密钥块)之内。 DNK encrypted content key Kc is the required decryption device node key, DNK included in the license corresponding client EKB (allowing key block) within. DNK在WO说明书02/080446中描述,WO说明书02/080446是已经授予本发明申请人的专利。 DNK described in WO specification 02/080446, WO 02/080446 specification that has been granted patent applicant of the present invention. 然而,DNK未在此描述,因为它不与本发明的范围和精神直接相关。 However, DNK not described here, because it is not directly related to the scope and spirit of the invention.

图6为示出在客户端执行与许可证服务器有关的预注册程序时采取的处理步骤的流程图。 FIG 6 is a flowchart showing the processing steps taken at the client side, when the license server-related pre-registration procedures.

客户端向内容分发商的许可证服务器传送服务数据请求,因为客户端将在该许可证服务器中注册(步骤S1)。 The client's distribution license to the content delivery service server data request, because the client will be registered in the license server (step S1).

在从客户端接收服务数据请求时,许可证服务器为响应客户端的请求而向客户端传送用户信息请求(步骤S11)。 Upon receiving the service data request from a client, the license server in response to the request of the client user information request is transmitted (step S11) to the client.

在接收用户信息请求时,客户端使显示装置等显示用于提示用户信息输入的消息,并打开用户信息输入窗口(步骤S2)。 Upon receiving the user information request, the client display device or the like a message for prompting the input user information, and user information input window is opened (step S2). 当用户通过键盘、鼠标或其它输入装置而输入用户的个人信息、付款信息和其它用户信息时,输入的用户信息传送给许可证服务器(步骤S3)。 When the user input by the user through a keyboard, mouse or other input devices such as personal information, payment information and other user information, transmitting user information input to the license server (step S3). (在本实施例中,使用用户ID和口令进行验证。可替换地,可使用客户端ID[装置ID]进行验证[装置验证]。另一替代例是根据装置验证和用户验证的组合而处理用户信息。)在接收用户信息时,许可证服务器检查在具有分配给许可证服务器的类别的节点下的页,并把未分配的页分配给请求客户端。 (In the present embodiment, a user ID and password for authentication. Alternatively, the client can use the ID [ID device] to verify [validation means]. Another alternative embodiment is a device authentication and user authentication process in combination user information.) upon receiving the user information, the license server checks the page having assigned a node type of the license server, and to allocate to the requesting client unallocated page. 许可证服务器产生分配给节点的一组节点密钥,作为装置节点密钥DNK,其中,所述节点在页与具有分配给许可证服务器的类别的节点之间的路径中。 License server generates a set of nodes assigned to the key node, a node key DNK device, wherein, in the path between the node and the node having the pages assigned to categories in the license server. 接着,执行步骤S12,产生服务数据,其中,服务数据包含产生的DNK、分配给客户端的页的页ID、客户端的一对秘密密钥和公共密钥、许可证服务器的公共密钥、以及公共密钥证书。 Next, step S12, generating data services, which include data service DNK generated ID assigned to the client's page page, a public key client secret key and a public key, license server, and public key certificate. 随后,执行步骤S13,向请求客户端传送服务数据。 Subsequently, step S13, the client transmits requests to the service data.

在服务数据传送之后,许可证服务器在操作数据库中记录用户信息与页ID之间的关联,并写入预注册(步骤S14)。 After the data is transmitted, the license server records the association between the user and the page ID in the operation information database, and write pre-registration (step S14).

在从许可证服务器接收服务数据时,客户端对数据加密,并使许可证获得和管理部分储存数据(步骤S4)。 Upon receiving the service data from the license server, the client to encrypt the data, and the license obtaining and storing a data management section (step S4).

如上所述,许可证服务器注册客户端和用户。 As mentioned above, the license server and client registered users. 客户端现在可接收服务数据,其中,服务数据包含使用所希望内容分发服务所需的装置节点密钥。 Client now receives the service data, wherein the data comprises using the desired service content distribution service device node key required.

在本实施例中,每个分发商的操作数据库A和B拥有多个用于管理顾客相关信息的表格。 In the present embodiment, the operation of each distributor has a plurality of database tables A and B for managing the customer-related information. 内容服务器和其它相似的子系统可使用(如查询、增加条目和重写)所述表格,所述表格概括如下:(1)定义页ID与客户端ID之间关联的表格;(2)定义客户端ID与客户端公共密钥证书之间关联的表格;(3)定义客户端ID与用户ID之间关联的表格;(4)定义用户ID与用户口令之间关联的表格;(5)定义内容ID与许可证ID之间关联的表格;(6)定义用户ID与下载内容的内容ID(包括下载日期/时间和许可证ID)之间关联的表格;(7)定义用户ID与下载许可证的许可证ID(包括下载日期/时间)之间关联的表格;以及(8)内容拷贝证书发放的历史。 Content servers, and other similar subsystems may be used (e.g., queries, and add an entry to rewrite) the table, the table are summarized as follows: (1) define an association between the client ID and the page ID of the form; (2) defined table association between the public key certificate of the client ID and the client; association table (4) with a user defined password the user ID;; association table (3) defines a client ID and user ID (5) ID association table between the contents and the license ID defined; an association between (6) defines the download content ID and the content ID (including download date / time, and license ID) table; (7) define the user ID downloads form an association between the license ID of the license (including the download date / time); and (8) the contents copy certificate issued history.

安装操作数据库服务器C,从而,分发商可共享储存在操作数据库服务器A和B中的顾客相关信息的以下项目。 Database server C mounting operation, and thus, the following items can be shared distributor customer information stored in the operation database server A and B. 如果需要,分发商A和B可查询或更新以下信息:(1)定义页ID与客户端ID之间关联的表格;(2)定义客户端ID与客户端公共密钥证书之间关联的表格;(3)定义客户端ID与用户ID之间关联的表格;(4)定义内容ID与许可证ID之间关联的表格;(5)定义用户ID与下载内容的内容ID(包括下载日期/时间和许可证ID)之间关联的表格;以及(6)定义用户ID与下载许可证的许可证ID(包括下载日期/时间)之间关联的表格。 If desired, distributor A and B may update or query the following information: (1) define an association between the client ID and the page ID table; an association between the public key certificate (2) define the client with the client ID table ; association table (3) defines a client ID and a user ID; ID association between the table and the license ID (. 4) defines the content; (5) define the user ID and content ID of the download content (including download date / and the association between the table (6) defines the license ID and the license ID to download (including download date / time); association table between the time and the license ID),.

当客户端A获得的内容将要储存在客户端B中时,根据本实施例的内容分发系统在内容上增加“内容拷贝证书”,由此使客户端B可以标识。 When content client A is obtained to be stored in the client terminal B, when the content distribution system of this embodiment according to the increase of "copying the contents of the certificate" in the content, whereby the client B can be identified. 接着,允许客户端A和B共享内容,同时确保保护内容。 Next, the client allows the sharing of content A and B, while ensuring protection of the content.

如图1所示,通过执行程序P1-P6而实现以上内容共享,程序P1-P6在以下概括。 As shown in FIG. 1, is realized by executing the program sharing above P1-P6, P1-P6 in the procedure outlined below. 然而,假设客户端A已经从分发商购买将被转移的内容(或者客户端A已经获得内容的许可证)。 However, suppose Client A has purchased the content to be transferred from the distributor (or Client A license has been obtained content). 还假设许可证服务器A和B已经储存互相的秘密密钥。 It is also assumed License Server A and B each have a secret key storage. 而且,客户端的客户端ID与用户ID相关联,并记录在操作数据库中。 Further, the client client ID associated with the user ID and registered in the operation database.

P1:下载内容P2:下载许可证并再现内容P3:更新操作数据库中的信息P4:发放内容拷贝证书P5:在记录介质上拷贝内容和内容拷贝证书P6:执行用于获得内容的过程下面顺序描述这些程序。 P1: downloads P2: download license and reproduce content P3: update information in the database P4: copying the contents of the certificate issuing P5: copying the contents on the recording medium, and copying the contents of the certificate P6: performing a process for obtaining content sequence described below these programs.

下载内容图7为示出客户端A为下载内容而执行的处理步骤的流程图。 Downloads 7 is a flowchart illustrating processing steps of the customer A to be executed by the content downloading.

用户使用键盘、鼠标或其它输入装置来操作显示屏,以启动内容下载过程。 User using the keyboard, mouse or other input to operate the display means, to initiate a content download process. 为响应内容下载过程的启动,执行步骤S21,通过网络接口106访问内容服务器A。 In response to the content download process starts, execute step S21, the content access server 106 via the network interface A.

当如上所述地访问内容服务器A时,在客户端的显示屏上出现内容选择窗口(未示出)。 When as described above accesses the content server A, the content appears on the client display selection window (not shown). 用户利用键盘、鼠标或其它输入装置从内容选择窗口选择希望的内容。 The user using a keyboard, mouse, or other input device selection window to select a desired content from the content. 接着,客户端A把内容选择信息传递到内容服务器A(步骤S22)。 Next, the client A content selection information to the content delivery server A (step S22). 还向内容服务器A通知用户ID(步骤S23)。 Also notifies the user ID to the content server A (step S23).

如后面所述地,内容服务器A对与传递的内容选择信息一致的选择内容进行加密和传送。 As described later, the content server A selection of content information to select the same transmission content is encrypted and transmitted. 客户端A接收加密内容(步骤S24),并把所述内容储存在内容存储部分中(步骤S25)。 A client receives the encrypted content (step S24), and the content stored in the content storage portion (step S25).

图8为示出内容服务器为下载内容而执行的处理步骤的流程图。 FIG 8 is a flowchart showing process steps executed for downloading content from the content server.

内容服务器A在被客户端A访问之前一直待机(步骤S31)。 A content server before the client A accesses waits (step S31). 当内容服务器A发现被访问时,服务器A获得从客户端A传送的内容选择信息(步骤S32)。 When found to be accessed content server A, the server A is obtained from the client A transmits the content selection information (step S32). 内容选择信息与客户端A在图7流程图中步骤S22传递的信息相对应。 Content selection information with the client A step in the flowchart of FIG. 7 S22 corresponds to transmission.

随后,内容服务器A检查储存的内容,以读取由步骤S32中获得信息所确定的内容(步骤S33)。 Subsequently, the content server A checks the stored contents, to read the contents of information obtained by the step S32 is determined (step S33).

接着执行步骤S34,用内容密钥Kc对读取的内容加密。 Then perform step S34, with the content key Kc to encrypt the content read. 由于储存在分发内容存储部分中的内容数据已经用ATRAC3格式编码,因此,现在对编码的内容数据进行加密。 Since the content stored in distribution content data storage section ATRAC3 format encoding has been used, therefore, now encoded content data is encrypted. 如果内容数据事先被加密并储存在分发内容存储部分中,就可省略步骤S34。 If the content is previously encrypted and stored data in a distributed content storage portion, may be omitted step S34.

随后,执行步骤S35,从操作数据库A获得与内容ID相应的许可证ID。 Subsequently, step S35, the obtained content ID corresponding to the license ID from the operation database A. 接着执行步骤S36,在构成用于传送加密内容数据的格式的头部上增加密钥信息(在后面描述)和许可证ID,其中,密钥信息是对加密内容解密所需的,并且许可证ID标识使用内容所需的许可证。 Then perform step S36, the increase in the key information (described later) on the head and constituting the license ID format for transmitting the encrypted content data, wherein the key information is information necessary for decrypting encrypted content, and the license ID identifies the desired content using the license.

接着,在步骤S34中加密的内容和在步骤S36中增加密钥和许可证ID的头部被格式化,以产生数据。 Next, in step S34 the encrypted content in step S36 and increases as the head key and the license ID is formatted, to generate data. 以此方式产生的数据传送到请求客户端A(步骤S37)。 Transmitting data generated in this way to the requesting client A (step S37).

最后,执行步骤S38,从而,操作数据库A记录客户端A的用户ID和所传送内容的内容ID。 Finally, a step S38, and thus, the recording operation of the client A database A user ID and the content ID of the transmitted content. 执行同步过程,从而,在操作数据库C中反映记录在操作数据库A中的信息,并且,该信息还可由分发商B使用。 During the synchronization process, whereby, in operation information is reflected in the database A database C registered in the operation, and this information may be used by the distributor B.

图9示出当内容服务器A向客户端A分发内容时使用的典型数据格式。 Figure 9 shows a typical data format when the content server A A distributing content to the client. 如图中所示,所述格式包括头部和数据。 As shown, the format includes a header and data.

头部包括内容信息、许可证ID、允许密钥块(EKB)和数据KEKB(Kc),数据KEKB(Kc)作为用从EKB产生的密钥KEKB加密的内容密钥Kc。 Header includes contents information, a license ID, allowing key block (EKB) and data KEKB (Kc), of data KEKB (Kc) using the key as generated from the EKB KEKB encrypted content key Kc. EKB在WO说明书02/080446中描述,WO说明书02/080446是已经授予本发明申请人的专利。 EKB described in WO specification 02/080446, WO 02/080446 specification that has been granted patent applicant of the present invention. 然而,EKB未在此描述,因为它不与本发明的范围和精神直接相关。 However, EKB not described here, because it is not directly related to the scope and spirit of the invention.

内容信息包括内容ID(CID)和与应用到内容上的编解码方法有关的信息。 Content information includes a content ID (CID) information on encoding and decoding method and a content related to the application. 内容ID作为用于标识内容数据的标识信息,其中,内容数据被格式化为所述数据。 Content ID as identification information for identifying content data, wherein the content data is formatted for the data.

所述数据包括任意数量的加密块。 The data includes any number of encrypted blocks. 每个加密块包括初矢量(IV)、种籽、和数据EK′c(Data),其中,EK′c(Data)通过用密钥K′c对内容数据进行加密而获得。 Each encryption block including initial vector (IV), seeds, and data EK'c (Data), wherein, EK'c (Data) obtained by encrypting content data using the key K'c.

如以下方程式所表示地,密钥K′c包括内容密钥Kc和用作用到种籽上的散列函数计算的值,其中,种籽由随机数设定。 As indicated by the following equation, including the value of the key K'c content key Kc and use a hash function applied to the calculation of the seeds, wherein the seeds set by the random number.

K′c=Hash(Kc,Seed)初矢量(IV)和种籽设定为因加密块而变化的值。 K'c = Hash (Kc, Seed) First vector (IV) and seed set to a value that varies by encryption block.

对于划分为8字节片段的内容数据,对每个8字节片段执行以上加密过程。 For the 8-byte segments divided content data, the encryption process is performed for more than 8 bytes per segment. 以CBC(密码块链接)模式进行加密,在CBC模式中,用前8字节的加密结果对后8字节进行加密。 Encrypted to CBC (Cipher Block Chaining) mode, CBC mode, the encryption result by encrypting the first 8 bytes of the 8 bytes.

当以CBC模式对前8字节内容数据时,没有先前8字节的加密结果可用。 When the CBC mode of the first eight octets of the content data, the result not previously encrypted 8 bytes available. 因而,前8字节内容数据用作为初始值的初矢量(IV)进行加密。 Thus, the first 8 bytes of the contents data encrypted with the initial vector as an initial value (IV).

即使在以CBC模式进行加密的情况下对一个加密块进行解密,其它加密块也仍旧不受此解密的影响。 Decrypting the encrypted block even in a case where encrypted in the CBC mode, also affect the other encryption block decryption is still not affected by this. 加密过程序列在WO说明书02/080446中描述,WO说明书02/080446是已经授予本发明申请人的专利。 Encryption process sequence is described in WO specification 02/080446, WO 02/080446 specification that has been granted patent applicant of the present invention. 然而,加密过程序列未在此描述,因为它不与本发明的范围和精神直接相关。 However, the encryption process sequence is not described here, because it is not directly related to the scope and spirit of the invention. 加密方法不局限于以上。 The encryption method is not limited to the above. 可替换地,可简单地用内容密钥Kc对内容数据进行加密。 Alternatively, the content may simply be encrypted using the content key data Kc.

如上所述,客户端A可自由地从内容服务器A获得内容。 As described above, the client A can freely obtain content from the content server A. 为了使用(再现)内容,必需单独获得内容的许可证。 In order to use (reproduce) the content, a license necessary for obtaining content alone. 因而,在本实施例中,对许可证的获得收费,但内容的分发就变为不收费。 Thus, in this embodiment, to obtain a license fee, but the distribution of content becomes free of charge. 这意味着内容是免费的,并可大量分发。 This means that the content is free, and mass distribution.

下载许可证并再现内容图10为示出客户端A为再现下载内容而执行的处理步骤的流程图。 Download the license and reproducing the content 10 is a flowchart showing a processing procedure to reproduce the client downloads content A performed.

首先,客户端A获得与用户已经用键盘、鼠标或其它输入装置指定的内容有关的标识信息(CID)(步骤S41)。 First, the client identification information of the user A obtained has been designated by the keyboard, mouse or other input device related to the content (the CID) (step S41). 以此方式获得的标识信息例如包括内容标题和分配给每个储存内容的编号。 Identification information obtained in this way include, for example assigned to each content title and content stored number.

当指定内容时,读取与内容相应的许可证ID(使用内容所需的许可证标识信息)。 When the designated contents, reads the license corresponding to the content ID (identification information of the license to use the desired content). 如图9所示,许可证ID写在加密内容数据的头部中。 9, the license ID written in the header of the encrypted content data.

接着,执行步骤S42,以判断与所读取许可证ID相应的许可证是否已经由客户端获得并储存在许可证获得和管理部分中。 Next, performing step S42, to judge whether the read license ID corresponding to the license has been obtained and stored by the client in the license management section. 如果还未获得许可证,就前进到步骤S43,以执行许可证获得过程(在后面描述)。 If the license has not been obtained, it proceeds to step S43, the license to execute the obtaining process (described later).

如果在步骤S42中判断已经获得许可证或者如果因在步骤S43中执行许可证获得过程而得到许可证,就执行步骤S44,以判断所获得的许可证是否已经过期。 If it is determined in step S42 or if the license has been obtained by the implementation of the license obtaining process in step S43 to obtain a license, to perform step S44, to judge whether the obtained license has expired. 此判断可通过比较客户端系统计时器保持的当前时间与定义为许可证元素的有效日期(在后面描述)来表达。 This determination may be maintained by comparing the client system is defined as the current time and timer expiration date of the license element (described later) is expressed.

如果判断许可证已经过期,就前进到步骤S45,执行许可证更新过程(在后面描述)。 If it is determined that the license has expired, it proceeds to step S45, the license update process is performed (described later).

如果在步骤S44中判断许可证仍然有效或者如果在步骤S45中更新许可证,就执行步骤S46,以判断许可证是否合法。 If the license is still valid is determined in step S44 or if the license update in step S45, performs step S46, to determine whether the license is legitimate. 包含在许可证中的电子签名(在后面描述)检查许可证有效性。 It included in the license electronic signature (described later) to check the validity of the license. 如果许可证是非法的,就执行出错处理过程(步骤S47),以终止全部处理程序。 If the license is illegal, error process is executed (step S47), to terminate all handler. 可替换地,执行出错处理过程,以便重新获得合法的许可证。 Alternatively, the execution error process, in order to regain a valid license.

如果在步骤S46中判断许可证是合法的,就执行步骤S48,从内容存储部分中读取相关的加密内容数据。 If it is determined in step S46 that the license is legal, execute step S48, the associated encrypted content read from the content data storage section. 接着,用内容密钥Kc对加密内容数据进行解密(步骤S49)。 Next, decrypts the encrypted content data using content key Kc (step S49). 对布置在图9所示数据部分中的每个加密块进行此解密。 For each encrypted block is arranged in the data portion shown in FIG. 9 this is decrypted.

进一步地,对解密内容数据进行解码,以执行内容再现过程(步骤S50)。 Further, the decryption of the content data is decoded to perform the content reproduction process (step S50). 执行内容再现过程,以便使音乐数据发出声音或在显示屏上显示视频数据。 Executing the content reproduction process, so that the musical sound data or video data displayed on the display screen.

图11为示出在图10所示流程图的步骤S43中执行的许可证获得过程的细节的流程图。 FIG 11 is a diagram illustrating a license to perform step S43 in the flowchart shown in FIG. 10 is a flowchart showing details of the process is obtained.

如前面所述,客户端A已经访问许可证服务器A,以完成注册过程并获得服务数据,所述服务数据包含页ID、DNK(装置节点密钥)、客户端A的一对秘密密钥和公共密钥、许可证服务器的公共密钥、以及公共密钥证书(参见图6)。 As previously described, client A has accessed the license server A, to complete the registration process and to obtain service data, the service data includes a secret key page ID, DNK (device node key), and the client A public key, the public key of the license server, as well as a public key certificate (see Figure 6).

页ID代表分配给每个客户端的标识信息。 Page ID represents identification information is assigned to each client. DNK是对加密内容密钥Kc解密所需的装置节点密钥,DNK包含在与客户端许可证相应的EKB(允许密钥块)之内。 DNK encrypted content key Kc is the required decryption device node key, DNK included in the license corresponding client EKB (allowing key block) within.

首先,客户端A操作用户的键盘、鼠标或其它输入装置来输入用户ID、口令、以及指定将被更新的许可证的信息(步骤S61和S62)。 First, the client A operates a user's keyboard, mouse or other input device to input a user ID, password, and designated to be updated license information (steps S61 and S62).

其次,客户端A向许可证服务器B传送许可证请求,除了包含在服务数据内的页ID之外,所述许可证请求还包含输入的用户ID、口令以及许可证指定信息(步骤S63)。 Next, the client A sends a license request to the license server B, in addition to the page ID data contained in the service, the license request further comprises a user input ID, password, and license designation information (step S63).

许可证服务器A根据用户ID、口令和许可证指定信息而发放许可证。 A license server and issue licenses based on user ID, password, and license specific information. 接着,服务器A向请求客户端A传送许可证。 Next, the server A to the requesting client terminal A transfer license. 许可证服务器A执行的许可证提供过程在后面详细描述。 License A license server providing procedures performed is described in detail later.

如果客户端A可从许可证服务器A接收许可证(步骤S64),许可证获得和管理部分就储存许可证(步骤S65)。 If the client can receive the license A (step S64) from the license server A, and the license is obtained to store the license management section (step S65).

另一方面,如果客户端A不能从许可证服务器A接收许可证(步骤S64),就执行预定的出错处理过程(步骤S66),以终止全部处理程序。 On the other hand, if client A can not receive the license (step S64) A from the license server, performs a predetermined error process (step S66), to terminate all processing program. 通常,可执行出错处理过程来禁止启动内容再现部分,因为不能获得内容使用的许可证。 In general, perform error handling process to prohibit the start content reproduction part, because they can not obtain a license to use the content.

如上所述,客户端A获得与附在内容数据上的许可证ID相应的许可证,并且现在能使用内容。 As described above, the client A and the obtained license attached to the content data corresponding to the license ID, and the content can be used now.

可在内容下载之前,而不是在内容下载之后,执行图11所示的许可证获得过程。 Before the content can be downloaded, rather than after downloading content, license shown in Figure 11 to obtain execution process.

图12示意性地示出许可证服务器提供给客户端的许可证的数据结构。 FIG 12 schematically shows the data structure of the license the license server to the client. 如图中所示,许可证包括使用条件、页ID和许可证服务器电子签名。 As shown, the license includes usage conditions, the license server page ID and the electronic signature.

使用条件包含:与使用期有关的许可证信息,在所述使用期中,许可证允许使用内容;与下载周期有关的许可证信息,在所述下载周期中,许可证允许内容被下载;许可证允许内容被拷贝的次数(最大允许拷贝次数);检验次数;最大检验次数;在CD-R等记录介质上记录内容的权利;内容拷贝到可移动记录介质上的次数;许可证所有权的转变(内容的购买);进行使用记录的义务。 Use conditions include: the use of license-related information, in the period of use, allows the use of the content license; license-related information download period, the download period, the license allows the content to be downloaded; License the number of permitted copies of the content (the maximum allowable number of copies); test times; the maximum number of inspection; rights of content recorded on a recording medium, a CD-R; number of times to copy the contents of the removable recording medium; permit transition of ownership ( purchase content); the obligation to use the records.

图13是示出许可证服务器A为根据客户端A的许可证请求向客户端A提供许可证而执行的处理步骤的流程图(图11所示流程图的步骤S63)。 FIG 13 is a flowchart of the license server A process steps executed (step of the flowchart shown in FIG. 11 S63) providing a license according to the license request to the client A client A.

许可证服务器A在被客户端A访问之前一直待机(步骤S71)。 A license server before being A client has access to standby (step S71). 当被客户端A访问时,许可证服务器A请求客户端A传送用户ID、口令和许可证ID。 When the access client A, client A requests the license server A transmits the user ID, password, and license ID. 接着,执行步骤S63,以响应许可证服务器A的请求,从而,客户端A向许可证服务器A传送用户ID、口令、页ID和许可证指定信息(许可证ID)。 Next, performing step S63, the response to a request to license server A, whereby the license server to the client A A transmits user ID, password, and license designation information page ID (license ID). 接着,许可证服务器A获得此传送(步骤S72)。 Next, the license server transmits this obtained A (step S72).

随后,许可证服务器A请求操作数据库A基于用户ID和口令而执行检查过程(步骤S73),以判断客户端A是否合法(步骤S74)。 Subsequently, the license server A requests a database operation A based on the user ID and password checking process is performed (step S73), to determine the legality of the client A (step S74). 如果检查过程不成功,就执行预定的出错处理过程(步骤S75),以终止全部处理程序。 If the checking process is unsuccessful, it performs a predetermined error process (step S75), to terminate all processing program. 在此情况下,许可证服务器A不向客户端A发放许可证。 In this case, the license server A does not grant a license to the client A.

另一方面,如果检查过程成功,许可证服务器A就访问记帐服务器A,并请求记帐服务器A执行信贷过程(步骤S76)。 On the other hand, if the checking process is successful, the license server A accesses the billing server A, and requests the accounting server A execute the credit process (step S76). 按照许可证服务器A的信贷过程请求,记帐服务器A检查过去的付款记录和与用户ID和口令有关的其它相关历史,以检查不良用户记录,如用户没有为许可证付款(步骤S77)。 A credit process in accordance with the license server requests, billing server A check past payment records and other relevant historical and relevant user ID and password to check for bad user records, such as the user does not pay for the license (step S77).

如果例如因为不良支付记录而发现信用是不合适的,记帐服务器A就向许可证服务器A传送表示不授予许可证的信用结果。 If, for example because of poor payment records and found that credit is not appropriate, billing server A says that the result does not grant credit license A license server to transmit. 为响应传送的信用结果,许可证服务器A执行预定的出错处理过程(步骤S78),并终止全部处理程序。 In response to the transmitted credit result, the license server A performs a predetermined error process (step S78), and terminates the entire processing procedure. 在此情况下,不向客户端A发放许可证。 In this case, not to grant a license to the client A.

另一方面,如果发现信用是允许的,就从许可证存储部分获得与许可证指定信息相应的许可证(步骤S79)。 On the other hand, if it is found the credit is allowed, the license information is obtained to specify the corresponding license (step S79) from the license storage section. 在储存于许可证存储部分中的许可证内,写入许可证ID、版本、创建日期/时间、有效期和其它相关的信息。 In the license stored in the license storage section, write to the license ID, version, creation date / time, duration and other relevant information.

许可证服务器A在获得的许可证上增加页ID(步骤S80)。 A server license increase page ID (step S80) on the license obtained.

随后,许可证服务器A选择与许可证有关的使用条件(步骤S81),或者,如果在许可证请求时由用户指定使用条件,指定的条件就根据需要而增加到准备的使用条件中。 Subsequently, the server license A license associated with the use of selection conditions (step S81), or, if requested by the user specified in the license condition, it is necessary to specify conditions and increased usage conditions of preparation. 接着,所选的使用条件增加到许可证上。 Subsequently, added to the selected conditions permit.

随后,如图12所示,许可证服务器A通过用其自己的秘密密钥把电子签名附加到许可证上而产生许可证(步骤S82)。 Subsequently, as shown in FIG. 12, the license server A generates a license (step S82) attached to the license by using its own secret key to the electronic signature. 接着,许可证服务器A向请求客户端A传送产生的许可证(步骤S83)。 Next, the license server to the requesting client A transmits the generated license A (step S83) ends.

接着,许可证服务器A使传送的许可证(包括使用条件和页ID)与用户ID和口令相关联,并储存该许可证。 Next, the license server transmits the license to make A (including the use conditions and the page ID) and a user password associated with the ID, and stores the license. 进一步地,许可证服务器A访问操作数据库服务器A,使所传送许可证的许可证ID与用户ID相关联,并记录该许可证ID(步骤S84)。 Further, operation of the license server A accesses the database server A, that the license ID and the user ID associated with the transfer of the license, and records the license ID (step S84). 执行同步过程,从而,在操作数据库C中反映记录在操作数据库A中的信息,并且,该信息可由分发商B使用。 During the synchronization process, whereby, in operation information is reflected in the database A database C registered in the operation, and the information used by the distributor B.

最后,许可证服务器A访问记帐服务器A,并请求对与用户ID和口令相应的用户执行记帐过程(步骤S85)。 Finally, the license server A accesses billing server A, and the request to perform the billing process (step S85) with the user ID and password for the corresponding user.

根据以上记帐过程请求,记帐服务器A对用户执行记帐过程。 According to the above process the billing request, the billing server A performs a billing procedure for the user. 例如,记帐服务器A可提供例如基于信用卡的信用结算、基于付款卡的中间结算、电子货币付款、现金付款以及通过金融机构转帐付款。 For example, the billing server A can provide, for example based credit settlement credit card settlement based on the intermediate payment cards, electronic money payment, cash payment and funds transfer by financial institutions. 然而,记帐过程的类型不作进一步描述,因为它不与本发明的范围和精神直接相关。 However, the type of the billing process is not further described since it is not directly relevant to the scope and spirit of the invention.

如果用户不根据记帐过程付款,用户就损失他/她的信用,并且,即使他/她将来请求许可证发放,也不会获得许可证。 If the user does not pay according to the billing process, users will lose his / her credit, and, even if he / she will request a license issued, it will not get a license. 更具体地,如果用户损失他/她的信用,记帐服务器就传送上述信用结果,以表示不能授予许可证。 More specifically, if a user lost his / her credit, credit accounting server transmits the results to indicate that the license can not be granted. 从而,许可证服务器执行步骤S78中的出错处理过程。 Thus, the error handling process to step S78 license server. 出错处理过程产生表示例如不能向请求客户端授予许可证的消息,随后终止。 Generating error process, for example, indicates a message can not be granted a license to the requesting client, then terminate. 请求客户端不能使用内容(实现解密),因为它不能接收许可证。 Requesting client can not use the content (to achieve decryption), because it can not receive a license.

图14是示出客户端为执行图10所示流程图的步骤S45中与许可证服务器有关的许可证更新过程而采取的程序的细节的流程图。 14 is a diagram illustrating the client is a flowchart showing details of the program executes the step S45 of the flowchart of the process of updating the license related to the license server 10 shown taken.

首先,客户端A操作用户的键盘、鼠标或其它输入装置来输入许可证指定信息、用户ID和口令(步骤S91和S92)。 First, the client A operates a user's keyboard, mouse or other input device to input the license designation information, user ID and password (step S91 and S92).

其次,客户端A向许可证服务器传送许可证更新请求,该请求包含输入的用户ID、口令和许可证指定信息(步骤S93)。 Next, client A license update request is transmitted to the license server, the request comprising a user input ID, password, and license designation information (step S93).

许可证服务器A提供响应许可证更新请求的使用条件(在后面描述)。 A license server provides a response using the license condition update request (described later). 接着,客户端A接收提供的使用条件,并向用户显示所述条件(步骤S94)。 Subsequently, client A receives the usage conditions supplied to the display condition of the user (step S94).

用户操作键盘、鼠标或其它输入装置,从显示在屏幕上的使用条件中选择希望的使用条件,和/或根据需要增加希望的使用条件。 User operates the keyboard, mouse, or other input device to select the desired conditions of use in the on-screen display from the conditions of use, and / or increase the desired conditions of use required. 接着,用于购买以此方式选择的使用条件(许可证更新条件)的申请传送到许可证服务器A(步骤S95)。 Next, the application for purchase conditions selected in this manner (the license update condition) is transmitted to the license server A (step S95).

为响应客户端A的购买申请,许可证服务器A传送最终使用条件(在后面描述)。 In response to the client terminal A later application, the license server A sends end-use conditions (described later). 接着,客户端A从许可证服务器A接收使用条件(步骤S96),并使用所述条件作为更新的许可证使用条件(步骤S97)。 Next, the client receives from the license server A use condition A (step S96), and using the updated license condition as a use condition (step S97).

图15为示出许可证服务器在图10(图14)所示流程图的步骤S45中为更新过期许可证而执行的过程的细节的流程图。 FIG 15 is a diagram illustrating (FIG. 14) flowchart showing details of a process flow chart of step S45 is performed to update the license expired license server 10 as shown in FIG.

当客户端A访问许可证服务器A(步骤S101)时,许可证服务器A接收从客户端A传送的上述许可证更新请求(步骤S102)。 When the client A accesses the license server A (step S101), the license server receives the license update request A (step S102) A transmitted from the client.

接着,许可证服务器A访问许可证存储部分,读取与更新请求所指定许可证相应的使用条件(将被更新的使用条件),并向请求客户端A传送读取的使用条件(步骤S103)。 Next, the license server A accesses the license storage section, reads the update request corresponding to the usage conditions (usage conditions to be updated) to specify a license, usage conditions and requests the read client terminal A transmits (Step S103) .

客户端A向用户显示接收的使用条件。 A client receives the display conditions to the user. 接着,用户操作键盘、鼠标或其它输入装置,从显示在屏幕上的使用条件中选择希望的使用条件,和/或根据需要增加希望的使用条件。 Next, the user operates a keyboard, a mouse or other input device to select the desired conditions from the displayed screen on the conditions of use, and / or increase the desired conditions of use required. 接着,用于购买以此方式选择的使用条件(许可证更新条件)的申请传送到许可证服务器A(如较早前描述)。 Next, the application for purchase conditions selected in this manner (the license update condition) is transmitted to the license server A (as described earlier).

当从客户端A接收使用条件购买申请时,许可证服务器A产生与该申请所指定使用条件相应的数据,并把产生的数据传送给客户端A(步骤S104)。 When receiving from the client application for later use condition A, A license server generated the designated application corresponding use condition data, and transmits the generated data to the client A (step S104). 客户端A从许可证服务器A接收使用条件,并使用所述条件作为更新的许可证使用条件(如较早前描述)。 A client A receives from the license server usage conditions, and using the updated license condition as a use condition (as described earlier).

现在结合图21概括客户端根据从许可证服务器提供的许可证而使用从内容服务器提供的内容的过程的机制。 Now in conjunction with Figure 21 summarizes the client mechanisms to use the content provided from the content server under license from the license server process.

内容服务器向客户端提供内容,并且,许可证服务器向客户端提供许可证。 Content server provides content to the client, and license server provides licenses to clients. 用内容密钥Kc对内容进行加密(Enc[Kc,Contents])。 Encrypted (Enc [Kc, Contents]) of the content using the content key Kc. 用根密钥KR(根密钥KR从EKB得到,并与图9所示内容数据内的密钥KEKBC相对应)对内容密钥Kc加密(Enc[KR,Kc])。 (Root key KR obtained from the EKB, the key KEKBC and the content data shown in FIG. 9 corresponds) with the root key KR encrypted key Kc (Enc [KR, Kc]) to the content. 内容密钥Kc与EKB一起被加密,并且增加到内容上,它们随后提供给请求客户端。 EKB and the content key Kc is encrypted together and added to the contents, which are then provided to the requesting client.

在图21所示实例中表示的EKB包含根密钥KR(Enc[DNK,KR]),根密钥KR可用例如如图22所示的DNK进行解密。 EKB shown in the example illustrated in FIG. 21 comprises a root key KR (Enc [DNK, KR]), the root key KR can be used such as that shown in FIG. 22 DNK for decrypting. 从而,客户端可使用包含在服务数据内的DNK而从EKB获得根密钥KR。 Thus, clients can use the DNK included in service data to obtain the root key KR from the EKB. 进一步地,根密钥KR可用于实现解密,从Enc(KR,Kc)得到内容密钥Kc。 Further, the root key KR may be used to implement the decryption key Kc to obtain content from Enc (KR, Kc). 接着,内容密钥Kc可用于实现解密,从加密内容Enc(Kc,Content)得到内容。 Next, the content decryption key Kc may be used to implement, to obtain the content from the encrypted content Enc (Kc, Content).

更新操作数据库中的信息当在客户端A和内容分发商A之间执行内容下载或许可证下载时,它的信息记录在分发商A内的操作数据库A中。 Update information in the database when the operation between the client A and content distributors A license to perform content download or download, it's the information recorded in the distribution business operations A database A. 为了在根据本实施例的内容分发系统中在相同顾客的客户端A和B之间实现内容共享,分发商A和B协作,从而,在操作数据库C中反映操作数据库A的信息更新,并且所述信息更新也可用于分发商B。 To the content distribution system of the present embodiment is implemented in content sharing, distribution A and B collaboration between the same customer client A and B, in accordance with such, the operation information reflected in the database C A database update operation, and the also be used to update said information distributor B.

当完成从分发商A到客户端A的内容下载或许可证下载时,操作数据库A和C更新以下表格中的相关条目:(1)定义页ID与客户端ID之间关联的表格;(2)定义客户端ID与客户端公共密钥证书之间关联的表格;(3)定义客户端ID与用户ID之间关联的表格; Upon completion of the A from the distributor to the client or to download a license A content download, database operations A and C to update the relevant entry in the table below: Table association between (1) the definition of the page ID and client ID; (2 ) define the client ID and the client forms an association between the public key certificate; association table (3) defines a client ID and a user ID;

(4)定义内容ID与许可证ID之间关联的表格;(5)定义用户ID与下载内容的内容ID(包括下载日期/时间和许可证ID)之间关联的表格;(6)定义用户ID与下载许可证的许可证ID(包括下载日期/时间)之间关联的表格。 The association between the ID table and license ID (. 4) defines the content; an association between (5) identifies the user ID and content ID of the download content (including download date / time and license ID) table; (6) defines ID and download the license license ID (including downloading date / time) form the association between.

发放内容拷贝证书在发放内容拷贝证书时,客户端A已经购买旨在从分发商转移的内容(或获得相关许可证)。 Copy the contents of a certificate issued at the time of issuing copies of the content certificate, the client A has purchased is intended to divert from the distributor's (or obtain the relevant license). 为了让客户端B使用下载到客户端A中的内容,获得“内容拷贝证书”。 For clients to use the B content is downloaded to the client A, to obtain "a copy of the contents of the certificate." 内容拷贝证书允许一个客户端把内容拷贝到另一客户端。 Copy the contents of a certificate allowing the client to copy the contents of another client.

图16是示出客户端A为从许可证服务器A获得内容拷贝证书而执行的处理步骤的流程图。 FIG 16 is a flowchart showing a processing procedure for obtaining the content A client certificate from the license server A copy executed.

用户利用键盘、鼠标或其它输入装置操作显示屏,以启动内容拷贝证书发放过程。 The user using a keyboard, mouse or other input device operates the display to start copying the contents of the certificate issuing process. 为响应内容拷贝证书发放过程的启动,执行步骤S111,以通过网络接口106访问许可证服务器A。 Copy the contents of the certificate issued in response to the startup process is executed step S111, the access to the license server 106 via the network interface A.

当如上所述地访问许可证服务器A时,在客户端的显示屏上出现内容选择窗口(未示出)。 When accessing a license server as described above A, appears on the client display content selection window (not shown). 用户利用键盘、鼠标或其它输入装置从内容选择窗口选择希望的内容,并输入许可证ID和拷贝目标客户端(此情况下为客户端B)的客户端ID。 The user using a keyboard, mouse or other input device selection window to select a desired content from the content, and enter the license ID and the copy destination client (client B in this case) the Client ID. 接着,客户端A向许可证服务器A传送内容选择信息、许可证ID和拷贝目标客户端ID(步骤S112)。 Next, select the information to the client A transmits the content A license server, the license ID and the copy destination client ID (step S112). 进一步地,客户端A向许可证服务器A通知它自己的用户ID和口令(步骤S113)。 Further, the client A notifies its own user ID and password (step S113) to the license server A.

接着,许可证服务器A向客户端A发放内容拷贝证书并传送该证书。 Next, license server A client A copy of the certificate issuance and transfer the contents of the certificate. 客户端A接收(步骤S114)并储存(步骤S115)传送的内容拷贝证书。 A client receives (step S114) and stores the copy of the content certificate (step S115) transmission.

图17为示出许可证服务器A为响应客户端A的请求发放内容拷贝证书而执行的处理步骤的流程图。 FIG 17 is a flowchart showing process steps A license server in response to client requests ends A copy of the content certificate issuing executed.

许可证服务器A在被客户端A访问之前一直待机(步骤S121)。 A license server before being A client has access to standby (step S121). 当许可证服务器A被客户端A访问时,许可证服务器A请求客户端A传送内容选择信息、许可证ID、用户ID、口令和拷贝目标客户端ID。 When A is accessed the license server client A, client A requests the license server A transmits the content selection information, a license ID, a user ID, password, and copy destination Client ID. 按照此请求,客户端A执行步骤S112和S113,以传送请求的信息。 According to this request, the client A performs steps S112 and S113, information transmission request. 接着,许可证服务器A获得请求的信息(步骤S122)。 Next, the license server A obtains information request (step S122).

随后,许可证服务器A请求操作数据库服务器A对用户ID和口令执行检查过程(步骤S123),以判断客户端A是否合法(步骤S124)。 Subsequently, the license server A requests the database server A performs the operation checking process (step S123) to the user ID and password to determine whether a valid client A (step S124). 如果检查过程不成功,就执行预定的出错处理过程(步骤S125),以终止全部处理程序。 If the checking process is unsuccessful, it performs a predetermined error process (step S125), to terminate all processing program. 在此情况下,不向客户端A发放内容拷贝证书。 In this case, it does not issue certificates to copy the contents of the client A.

另一方面,如果在步骤S124中执行的检查过程成功,许可证服务器A就请求操作数据库服务器A执行检查过程(步骤S126),以判断客户端A是否已经购买所选内容(是否已经获得有关的许可证)(步骤S127)。 On the other hand, if the checking process performed in step S124 is successful, the license server A requests the database server A performs the operation checking process (step S126), to determine whether the client has purchased the selected content A (whether obtained relevant licenses) (step S127).

如果以上检查过程不成功,就执行预定的出错处理过程(步骤S128),以终止全部处理程序。 If the above inspection process is unsuccessful, it performs a predetermined error process (step S128), to terminate all processing program. 在此情况下,不向客户端A发放内容拷贝证书。 In this case, it does not issue certificates to copy the contents of the client A. 可执行步骤S127中的出错处理过程,以获得合法的许可证。 Executable steps S127 error process in order to obtain a valid license.

另一方面,如果步骤S127中的检查过程成功地进行,就请求操作数据库服务器C执行检查过程(步骤S129),以判断客户端A的用户是否真地拥有客户端B,客户端B用在步骤S122中接收的客户端ID表示(步骤S130)。 On the other hand, if the inspection process in step S127 performed successfully on the database server C performs the requested operation checking process (step S129), to determine whether the user of the client A client B has really, client B used in step received in S122 indicates the client ID (step S130).

如果检查过程不成功,就执行预定的出错处理过程(步骤S131),以终止全部处理程序。 If the checking process is unsuccessful, it performs a predetermined error process (step S131), to terminate all processing program. 在此情况下,不向客户端A发放内容拷贝证书。 In this case, it does not issue certificates to copy the contents of the client A. 可执行步骤S131中的出错处理过程,以重新预注册客户端B。 Error process executable step S131, in order to re-pre-registered client B.

另一方面,如果步骤S130中的检查过程成功地进行,就请求操作数据库服务器A执行确认过程(步骤S1332),以判断是否发放内容拷贝证书以允许请求客户端A把内容拷贝到客户端B(步骤S133)。 On the other hand, if the check process in step S130 successful, it requests the database server A performs operation confirmation process (step S1332), determines whether to issue a certificate to allow copying the contents requesting client A copy of the contents to the client B ( step S133).

如果以上检查过程不成功,就执行预定的出错处理过程(步骤S134),以终止全部处理程序。 If the above inspection process is unsuccessful, it performs a predetermined error process (step S134), to terminate all processing program. 在此情况下,不向客户端A发放内容拷贝证书。 In this case, it does not issue certificates to copy the contents of the client A.

另一方面,如果步骤S133中的检查过程成功地进行,就访问操作数据库服务器C,以获得客户端B的页ID(步骤S135)。 On the other hand, if the check process in step S133 successful, the operation accesses the database server C, to obtain a page ID of the client B (step S135). 接着执行步骤S136,以获得与在步骤S122中获得的许可证ID相应的许可证信息。 Then perform step S136, the license ID obtained to obtain in the step S122 corresponding to the license information. 随后,根据获得的许可证信息和客户端B的页ID而执行步骤S137,以创建允许客户端B使用内容的许可证。 Subsequently, step S137 is performed according to page B-side ID information and customer licenses obtained to allow the client to create content using the B license. 所创建的许可证的结构如图12所示。 Structure permits created as shown in Fig.

接着,许可证服务器A使用许可证服务器B的秘密密钥,在创建的许可证上附加电子签名(步骤S138)。 Next, license server A license server using a secret key of B, additional electronic signature (step S138) on the license was created.

接着,使用在步骤S122中获得的信息来创建内容拷贝证书,并且,通过使用许可证服务器B的秘密密钥而在该证书上附加电子签名(步骤S139)。 Next, using the information obtained in step S122 to create a copy of the contents of the certificate, and, by using the secret key of the license server and the additional electronic signature B (step S139) in the certificate. 许可证服务器A和B具有互相的秘密密钥(在前面描述)。 License servers A and B each have a secret key (described earlier).

随后,许可证服务器A向请求客户端A传送附加电子签名的内容拷贝证书(步骤S140)。 Subsequently, the license server to the requesting client A transmitting additional copies of the content certificate A digital signature (step S140).

最后,访问操作数据库服务器A,以记录所传送内容拷贝证书、内容ID、用户ID与拷贝目标客户端B的页ID之间的关联(步骤S141)。 Finally, the database server access operations A, in order to record the copy of the content transfer certificate, the association between the ID B in the page (step S141) content ID, user ID and the copy destination client. 执行同步过程,从而,在操作数据库C中反映记录在操作数据库A中的信息,并且,该信息还可由分发商B使用。 During the synchronization process, whereby, in operation information is reflected in the database A database C registered in the operation, and this information may be used by the distributor B.

在本实施例中,可对获得内容拷贝证书收费或不收费。 In the present embodiment, the certificate can be copied with or without charge to obtain content. 当对获得内容拷贝证书收费时,可使其价格变得比正常获得许可证的价格更低。 When obtaining a copy of the contents of the certificate fee, you can make the price even lower than the normal price of a license. 这些调整由有关的内容分发商制订,并由记帐服务器控制。 These adjustments related content developed by distributors, by the accounting server control.

当对发放内容拷贝证书收费时,例如在步骤S139和S140之间执行记帐过程。 When copying the content certificate issuing charges, for example billing procedure performed between step S139 and S140. 现在描述记帐过程。 Billing procedure is now described.

许可证服务器A访问记帐服务器A,以请求信贷过程。 A license server to access the accounting server A, to request the credit process. 按照许可证服务器A的信贷过程请求,记帐服务器A检查过去的付款记录和与用户ID和口令有关的其它相关历史,以检查不良用户记录,如用户没有为许可证付款(步骤S77)。 A credit process in accordance with the license server requests, billing server A check past payment records and other relevant historical and relevant user ID and password to check for bad user records, such as the user does not pay for the license (step S77). 如果发现信用是可允许的,就对与用户ID和口令相应的用户执行记帐过程。 If the credit is allowable found, performs a billing procedure with the user ID and password for the corresponding user.

另一方面,如果例如因为不良支付记录而发现信用是不合适的,记帐服务器A就向许可证服务器A传送表示不授予内容拷贝证书的信用结果。 On the other hand, if, for example because of poor payment records and found that credit is not appropriate, billing server A says that the result does not grant credit certificate copy the contents of A to transfer the license server. 为响应传送的信用结果,许可证服务器A执行预定的出错处理过程,并终止全部处理程序。 In response to the transmitted credit result, the license server A performs a predetermined error process, and terminate all processing program. 在此情况下,不向客户端A发放内容拷贝证书。 In this case, it does not issue certificates to copy the contents of the client A.

图18示意性地示出许可证服务器发放的内容拷贝证书的数据结构。 FIG 18 schematically illustrates the data structure of the license server copy the contents of the certificate issued. 如图中所示,内容拷贝证书主要包括证书序列号、将被拷贝的内容的内容ID、许可证以及电子签名。 As shown, the content certificate includes copying the certificate serial number, the contents ID of the copied content, licenses, and electronic signatures.

用注册拷贝目标客户端(在此情况下,为客户端B)的许可证服务器(在此情况下,为许可证服务器B)的秘密密钥对许可证进行电子签名(在前面描述)。 With registered copies of the target client (in this case, client B) of the license server (in this case, the license server B) secret key to permit electronic signatures (described earlier).

用与三个值有关的许可证服务器B的秘密密钥创建电子签名,所述三个值为证书序列号、内容ID和许可证。 Creating license server secret key B and the three values ​​associated electronic signature, the certificate serial number is three, the content ID and license.

由于用许可证服务器B的秘密密钥签许可证和电子签名,因此,通过使用许可证服务器B的公共密钥,有可能实现对拷贝目标客户端B的解密。 Due to signed license and electronic signature with the secret key of the license server B, and therefore, by using the license server B's public key to decrypt the copy it is possible to achieve the target client B.

在记录介质上拷贝内容和内容拷贝证书为了确保还可在客户端B中使用下载到客户端A中的内容,用附加的内容拷贝证书转移所述内容。 Copying the contents and copy the contents of the certificate on the recording medium may also be used in order to ensure that the client B, client A content downloaded to the transfer of the content with additional copies of the content certificate.

在图1所示实例中,下载的内容拷贝到可移动记录介质上,接着,该介质插入到客户端B中,以转移所述内容。 In the example shown in FIG. 1, the downloaded content is copied to the removable recording medium, then the medium is inserted to the client B, to transfer the content.

在以上情况中,在客户端A执行过程,以便从内容存储部分获得内容,并把内容写到记录介质上。 In the above case, the execution of the client A, so as to obtain the content from the content storage section, and write the contents of the recording medium. 在客户端B执行过程,以便读取记录在记录介质上的内容,并把内容储存到内容存储部分中。 B during execution of the client, in order to read the content recorded on the recording medium, and the contents stored in the content storage portion.

用于把没有许可证的内容从一个客户端转移到另一客户端的方法不局限于以上。 The method used to transfer the contents without a license from a client to another client is not limited to the above. 可替换地,用户可通过有线或无线通信链接,来取代使用记录介质,在用户的客户端之间转移内容。 Alternatively, the user may be via a wired or wireless communication link, instead of using a recording medium, transfer of content between the user's client. 进一步地,如果某个用户的一个客户端购买内容,相关的内容分发商就可自动地把内容分发到相同用户所拥有的另一客户端。 Further, if a customer's end users to purchase a content, relevant content distributors can automatically distribute the content to another client owned by the same user.

图19为示出由客户端A执行的客户端之间内容转移处理步骤的流程图,其中,客户端A是内容转移源。 FIG 19 is a flowchart showing the content between the client A client executing transfer processing step, wherein the client A is the content transfer source.

首先,执行步骤S151,访问内容存储部分,获得将被转移的内容数据,并把内容数据拷贝到记录介质上。 First, step S151, accesses the content storage section, obtains the content data to be transferred, and copy content data onto a recording medium.

其次,通过执行上述程序而获得的内容拷贝证书拷贝到记录介质上(步骤S152)。 Next, copy the contents of the certificate obtained by executing the above program is copied to the recording medium (step S152).

接着,删除客户端A内的内容拷贝证书(步骤S153)。 Next, remove the client certificate in the copy of the content A (step S153).

执行以上内容拷贝证书删除过程,以防止证书在事先获得允许之前被复制,或防止证书被非法使用。 Implementing the above copy of the certificate removal process to prevent the certificate being copied before obtaining prior permission or certificate to prevent unauthorized use. 从而,如果没有安全问题,就省略步骤S153。 Thus, if there is no security problem, omit step S153.

执行用于获得内容的过程当记录介质插入到客户端A中并在内部获得时,客户端B可使用内容,其中,在记录介质上拷贝内容数据和内容拷贝证书。 Process for obtaining content execution when the recording medium is inserted into the client A is obtained and when the internal client B may use the content, wherein the content data copying and copy the contents of the certificate on the recording medium.

图20为示出客户端B为获得内容而执行的处理步骤的流程图,其中,客户端B是内容拷贝目的地。 FIG 20 is a flowchart showing a processing procedure to obtain the content client B executed, in which the client B is the content of the copy destination.

客户端B首先从插入的记录介质获得内容数据和内容拷贝证书,并储存数据和证书(步骤S161)。 Client B first obtains content data and copy the contents of the certificate from the recording medium is inserted, and stores data and credentials (step S161).

随后,用许可证服务器B的公共密钥检查附加到内容拷贝证书上的电子签名(步骤S162),以检查电子签名是否正确,即核实内容拷贝证书不是伪造的(步骤S163)。 Then, attach the electronic signature (step S162) copy the contents of the certificate on the public key used to check the license server B to check the electronic signature is correct, that is, to verify the contents copy certificate is not forged (step S163).

如果发现电子签名不正确或内容拷贝证书是伪造的,查询步骤S163就回答“是”,并前进到步骤S164。 If you find incorrect electronic signature or copy the contents of the certificate is forged, step S163 queries answered "Yes", and proceeds to step S164. 在步骤S164中,执行预定的出错处理,以终止全部处理程序。 In step S164, a predetermined error processing to terminate all processing routine. 在此情况下,客户端B不能使用内容,因为未从内容拷贝证书获得相关的许可证。 In this case, the client can not use the B content, because not obtain the relevant license from copies of the content certificate.

另一方面,如果发现电子签名正确,就使用内容拷贝证书的序列号来检查相同内容拷贝证书的使用(步骤S165),即确定内容拷贝证书是否曾被使用(步骤S166)。 On the other hand, if the electronic signature is found correct, the certificate serial number to check the contents of the copy content using the same copy of the certificate (step S165), i.e., it determines whether the content certificate having been used in the copy (step S166).

如果已经使用相同的内容拷贝证书,查询步骤S166就回答“是”,并前进到步骤S167。 If you have a copy of the certificate with the same content, step S166 queries answered "Yes", and proceeds to step S167. 在步骤S167中,执行预定的出错处理,以终止全部处理程序。 In step S167, the process performs a predetermined error to terminate all processing routine. 在此情况下,客户端B不能使用内容,因为未从内容拷贝证书获得相关的许可证。 In this case, the client can not use the B content, because not obtain the relevant license from copies of the content certificate.

另一方面,如果未曾使用相同的内容拷贝证书,就执行步骤S168,以检查从记录介质获得的内容的内容ID是否与写在内容拷贝证书上的内容ID吻合,即,确定这些内容ID是否匹配(步骤S169)。 On the other hand, if not used the same copy of the content certificate, performs step S168, in order to check the content ID acquired from the content recording medium is consistent with the copy of the content written in the content ID certificate, i.e., determine whether the content ID matches (step S169).

如果内容ID不匹配,查询步骤S169就回答“否”,并前进到步骤S170。 If the content ID does not match, the query in step S169 will answer "No", and proceeds to step S170. 在步骤S170中,执行预定的出错处理,以终止全部处理程序。 In step S170, a predetermined error processing to terminate all processing routine. 在此情况下,客户端B不能使用内容,因为未从内容拷贝证书获得相关的许可证。 In this case, the client can not use the B content, because not obtain the relevant license from copies of the content certificate.

另一方面,如果内容ID匹配,就从内容拷贝证书获得并储存许可证(步骤S171)。 On the other hand, if the content ID matches, the license is obtained and stored (step S171) from a copy of the content certificate.

接着,在内容的头部上增加所获得许可证的许可证ID(步骤S172),并且在内容存储部分中储存得到的内容。 Subsequently, increasing the license ID (step S172) obtained in the head of the content license, and the contents stored in the content storage section is obtained in the. 结果,从记录介质获得的内容数据的拷贝是与图9中所示相同的格式。 As a result, copying the contents of data obtained from the recording medium 9 is shown in the same format as FIG. 从而,内容再现过程部分可通过执行正常的内容再现过程而再现内容(在前面描述,并在图10中表示)。 Thus, the content may be reproduced by a reproduction process section performs normal reproduction of the content and the content of the process (described previously and shown in FIG. 10).

最后,在客户端B中,内容拷贝证书的序列号记录为“已使用的内容拷贝证书”(步骤S173)。 Finally, client B, the sequence number is recorded copy of the content certificate is "copy the contents of the certificate have been used" (step S173).

优选地,与步骤S163、S166和S169相应的内容拷贝证书有效性检查的算法实施为防止窜改的过程。 Preferably, the step S163, the copy of the content certificate corresponding to S166 and S169 to check the validity of the algorithm according to the process of preventing tampering.

当通过采用上述处理步骤而获得内容数据时,客户端B通过执行图10中所示的内容再现过程而再现内容。 When content data is obtained by using the above-described process steps, performed by the client B contents shown in FIG. 10 and the reproducing process reproduces the content.

首先,客户端B获得用户用键盘、鼠标或其它输入装置输入的内容标识信息(CID)(步骤S41)。 First, the client obtains the user B using the keyboard, mouse, or other content identification information input apparatus (the CID) (step S41). 当以上述方式指定内容时,读取与内容相应的许可证ID。 When the content specified in the above manner, the read license corresponding to the content ID.

接着,执行步骤S42,以检查客户端是否已经获得与所读取许可证ID相应的许可证并储存在许可证获得和管理部分中。 Next, performing step S42, to check whether the client has obtained the license corresponding to the license ID and the read and stored in the license management section.

如果未获得相应的许可证,程序流就前进到步骤S43,并执行许可证获得过程。 If the appropriate license is not obtained, the program flow proceeds to step S43, and performs the process of obtaining a license. 然而,在此阶段中,从内容拷贝证书中获得的许可证储存在许可证获得和管理部分中。 However, at this stage, to obtain a license from the content stored in a copy of the certificate and license management section. 从而判断是否已经获得许可证。 To determine whether the license has been obtained.

随后,执行步骤S44,以判断许可证是否仍然有效。 Subsequently, steps S44, to determine whether the license is still valid. 如果判断许可证已经过期,程序流就前进到步骤S45,并执行许可证更新过程。 If it is determined that the license has expired, the program flow proceeds to step S45, and executes the license renewal process. 客户端B通过采取如图14中所示的处理步骤而执行许可证更新过程。 B client license update process is performed by taking the processing steps shown in FIG. 14.

如果在步骤S44中发现许可证仍然有效或者如果在步骤S45中更新许可证,就执行步骤S46,以判断许可证是否合法。 If you find that the license is still valid or if in step S44 to update the license in step S45, performs step S46, to determine whether the license is legitimate. 如果许可证非法,就执行出错处理(步骤S47)。 If a license is illegal, error processing is executed (step S47).

如果在步骤S46中发现许可证是合法的,就执行步骤S48,从内容存储部分读取相关的加密内容数据。 If you find that the license is valid, on the implementation of step S48, the encrypted content read the relevant data from the content storage section in step S46. 接着,执行步骤S49,用内容密钥Kc对加密内容数据进行解密。 Next, performing step S49, the encrypted content data is decrypted using the content key Kc. 对布置在图9所示数据部分中的每一个加密块进行此解密。 For each encrypted block arranged in the data portion shown in FIG. 9 this is decrypted.

进一步地,前进到步骤S50,对解密的内容数据进行解码,并执行内容再现过程。 Further, the process proceeds to step S50, the decrypted content data decoding, and executing the content reproduction process.

补充虽然已经结合特定实施例详细描述本发明,但本领域中的技术人员应该明白,只要不偏离本发明的范围和精神,就可进行变化。 Supplementary Although specific embodiments in conjunction with the present invention in detail, those skilled in the art will appreciate, without departing from the scope and spirit of the invention, can be varied. 描述的实施例在所有方面都被认为只是示例性的,而不是限制性的。 Described embodiments are to be considered in all respects as merely illustrative, and not restrictive. 从而,本发明的范围由后附权利要求表示,而不是由前面的描述表示。 Accordingly, the scope of the invention being indicated by the appended claims rather than by the foregoing description.

工业应用本发明提供优秀的内容分发系统、使用内容的信息处理设备或方法、以及使许可用户能从多个装置使用内容同时防止非法使用内容的计算机程序。 Industrial Applicability The present invention provides excellent content distribution system, the information processing apparatus or method of use of content, and causing a user from a plurality of licensing content device using a computer program while preventing illegal use of contents.

进一步地,本发明允许可连接到它们各自内容分发商的各个客户端共享所述客户端购买的内容。 Further, the present invention allows the customer may be connected to each their respective side shared content distributors of content purchased by the client. 当某个客户端购买的内容将由另一客户端使用时,相关的内容分发商、版权所有人等可自行确定所述内容是否收费或不收费。 When the contents of a client purchase of another client by using relevant content distributors, and other copyright holders are free to determine whether the content with or without charge.

如果在第二客户端共享第一客户端所购买的内容时进行记帐,本发明就可简单地通过使用第二客户端而执行记帐过程。 If the billing for the second client of the first client to share content purchased, the present invention can be simply a billing procedure performed by using a second client. 结果,为顾客提供的用户友善性增强。 As a result, users provide customers with friendly enhancements.

当由一个客户端设定或更新再现环境信息(如再现列表、再现设定[音量设定、重复再现设定等]、GUI窗口、以及用于将被购买的音乐作品的书签)时,本发明确保在另一客户端中反映此信息。 When a client or set by updating the reproduction environment information (e.g. play list reproduction setting [volume setting, repeat reproduction settings, etc.], the GUI window, and a piece of music to be purchased by the bookmark), the present invention ensures that this information is reflected in the other client.

Claims (13)

1.一种向用户的客户端分发内容的内容分发系统,其中,用户可拥有两个或多个客户端,并且每个客户端根据获得的许可证而合法地使用所述内容,所述内容分发系统包括:注册部件,所述注册部件用于注册用户的每个客户端并获得与顾客相关的信息;用于管理顾客相关信息的顾客相关信息管理部件;内容提供部件,所述内容提供部件根据客户端的请求而向客户端提供内容;许可证提供部件,所述许可证提供部件根据客户端的请求而向已经获得所述内容的客户端提供用于从所述内容提供部件获得内容的许可证;以及内容拷贝证书提供部件,所述内容拷贝证书提供部件向转移源客户端提供表示内容从用户的一个客户端转移到另一客户端合法的内容拷贝证书。 1. A method of distributing content to a client user content distribution system, wherein the user can have two or more clients, and each client according to licenses legitimately obtained by using the content, the content distribution system comprising: a registration member, the registration member for each client registered user terminal and obtain information related to the customer; customer-related information for managing customer information management section; content providing means providing the content member the client's request to provide content to the client; means the licenses, the license providing means for providing a license from the content providing means to obtain content has been obtained in accordance with the content of the client requesting client ; copy of the certificate and a content providing means providing the content certificate copy content represented member provided to the transfer source client user moves from one client to another client legal copies of content certificates.
2.如权利要求1所述的内容分发系统,其中,所述内容拷贝证书提供部件产生内容拷贝证书,所述证书包含用于转移目标客户端的许可证。 2. The content distribution system according to claim 1, wherein the content copy generation copy of the content certificate provided by member certificate, the certificate comprising a license transfer destination client.
3.如权利要求1所述的内容分发系统,其中,内容转移源客户端和内容转移目标客户端在不同的许可证提供部件中注册,从而,每个许可证提供部件向注册客户端提供各自的公共密钥,并且其中,所述内容拷贝证书提供部件用注册内容转移目标客户端的许可证提供部件的秘密密钥对内容拷贝证书电子签名。 3. The content distribution system according to claim 1, wherein the content transfer source client and the destination client to provide content transfer member in a different license registration, thereby providing a license for each member to provide respective registered client public key, and wherein the content providing means providing copies of the secret key certificate to member certificate electronic signature content copying destination client license transfer with the registration contents.
4.如权利要求1所述的内容分发系统,其中,所述内容拷贝证书提供部件从所述内容转移源客户端获得与将被转移内容有关的许可证ID以及转移目标客户端的客户端ID;向所述顾客相关信息管理部件发送查询,以核实转移源客户端是否合法,并核实转移源客户端是否已经获得将被转移内容的许可证,并进一步核实拥有转移源客户端的用户是否真地拥有转移目标客户端;接着,提供内容拷贝证书。 4. The content distribution system according to claim 1, wherein said transfer means provide content certificate copy source client ID and obtain a license to be transferred with the transfer target content related to the client ID from the client the content; send a query to the customer-related information management unit, to verify the legality of the transfer source client and verify whether the transfer source client has to obtain a license will be transferred content, and further verify whether the client has transferred the source of the user really have branch target client; Next, copy the content providing certificate.
5.如权利要求1所述的内容分发系统,其中,所述顾客相关信息管理部件管理以下表格:定义页ID与客户端ID之间关联的表格;定义客户端ID与客户端公共密钥证书之间关联的表格;定义客户端ID与用户ID之间关联的表格;定义内容ID与许可证ID之间关联的表格;定义用户ID与下载内容的内容ID之间关联的表格;定义用户ID与下载许可证的许可证ID之间关联的表格;以及内容拷贝证书发放的历史。 ; Define client ID and a client public key certificate associated with the page ID is defined between a client ID table: 5. The content distribution system of claim 1 wherein said customer information table management section manages the following claims, form an association between; form an association between the definition of client ID and user ID; correlation table between ID and license ID definition content; association between the ID form content-defined user ID and downloadable content; defining user ID form the link between the license ID and download the license; and a copy of the certificate issued by the historical content.
6.如权利要求1所述的内容分发系统,其中,所述内容提供部件每次向客户端提供内容时,和/或所述许可证提供部件每次向客户端提供许可证时,所述顾客相关信息管理部件都更新顾客相关信息。 6. The content distribution system according to claim 1, wherein the content providing means providing the content to each client, and / or when the license providing means provides each license to the client, the customer related information management section is updated customer information.
7.如权利要求1所述的内容分发系统,进一步包括记帐过程部件,所述记帐过程部件根据对客户端的许可证提供和/或内容拷贝证书提供而对客户端执行记帐过程。 7. The content distribution system according to claim 1, further comprising the billing process member, the end of the billing process member performs a billing procedure in accordance with the client to provide a license to the client and / or copy the content certificates provided.
8.如权利要求5所述的内容分发系统,其中,所述记帐过程部件对许可证提供记帐的金额与对内容拷贝证书提供记帐的金额不同。 The content distribution system as claimed in claim 5, wherein said accounting process means for accounting the amount providing the license and the content of the billing amounts to provide different copies of the certificate.
9.一种使用内容的信息处理设备,包括:用于下载内容的内容下载部件;用于储存内容的内容存储部件;用于获得内容使用许可证的许可证获得部件;借助获得的许可证而合法使用内容的内容再现部件;用于获得转移内容的内容拷贝证书的内容拷贝证书获得部件;以及内容转移部件,所述内容转移部件把内容拷贝证书附加到储存在所述内容存储部件中的内容上,把内容转移到相同用户所拥有的另一装置上,或者从相同用户拥有的其它装置获得附加内容拷贝证书的内容,核实内容拷贝证书的有效性,获得许可证,并在所述内容存储部件中储存内容。 9. A method of using content information processing apparatus, comprising: means for downloading content downloading content; content storage means for storing content; content use license obtaining means for obtaining a license; licenses being obtained by is legal use of the content reproducing means; means for copying the contents of the certificate to obtain content transfer copies of content certificate obtaining means; and a content transfer means, the content transfer means copies the contents stored in the certificate attached to the content in the content storage means , the contents transferred to another device owned by the same user, or to obtain additional content copy content certificate from another device owned by the same user, the certificate verifying the validity of the content copy, the license is obtained, and stored in the content components stored content.
10.如权利要求9所述的信息处理设备,其中,所述信息处理设备在许可证服务器上注册,以接收许可证服务器的公共密钥,其中,用许可证服务器的秘密密钥对内容拷贝证书电子签名,并且其中,所述内容转移部件使用所述许可证服务器的公共密钥检查内容拷贝证书是否是伪造的,其中,内容拷贝证书附加到在外界获得的内容数据上。 10. The information processing apparatus according to claim 9, wherein said information processing apparatus registered in the license server, the license server receives the public key, wherein the secret key with a license server to copy the contents of whether the electronic signature certificate, and wherein the content transfer member using the license server's public key certificate is forged check the contents of the copy, which copy the contents of the certificate attached to the content data obtained from the outside.
11.一种使用内容的信息处理方法,包括:下载内容的内容下载步骤;储存内容的内容存储步骤;获得内容使用许可证的许可证获得步骤;借助获得的许可证而合法使用内容的内容再现步骤;获得用于转移内容的内容拷贝证书的内容拷贝证书获得步骤;以及内容转移步骤,所述内容转移步骤把内容拷贝证书附加到在所述内容存储步骤中储存的内容上,把内容转移到相同用户所拥有的另一装置上,或者从相同用户拥有的其它装置获得附加内容拷贝证书的内容,核实内容拷贝证书的有效性,获得许可证,并储存内容。 The information processing method using a content, comprising: a step of downloading the download content; a content storage step of storing the content; license obtaining step of obtaining a license to use the content; content by using the license legitimately acquired the content reproduction step; copy the contents of the certificate to obtain content copying for transferring the contents of the certificate obtaining step; and a content transfer step, said content transfer step copies the contents of the certificate attached to the content stored in the content storing step, the contents transferred to a another device owned by the same user, or to obtain additional content copy content certificate from another device owned by the same user, the certificate verifying the validity of the content copy, the license is obtained, and stored content.
12.如权利要求11所述的信息处理方法,进一步包括在许可证服务器上注册并接收许可证服务器的公共密钥的步骤,其中,用许可证服务器的秘密密钥对内容拷贝证书电子签名,并且其中,所述内容转移步骤使用所述许可证服务器的公共密钥检查内容拷贝证书是否是伪造的,其中,内容拷贝证书附加到在外界获得的内容数据上。 12. The information processing method according to claim 11, further comprising the step of a public key and registration on the license server receives the license server, wherein, using the secret key of the license server to copy the contents of the electronic signature certificate, whether and wherein the step of transferring the content using the license server's public key certificate is forged check the contents of the copy, which copy the contents of the certificate attached to the content data obtained from the outside.
13.一种用于提供内容使用许可证的方法,其中,用户可拥有两个或多个客户端,并且每个客户端根据获得的许可证而合法地使用所述内容,所述方法包括以下步骤:获得与将从内容转移源客户端转移的内容有关的许可证ID以及内容转移目标客户端的客户端ID;判断内容转移源客户端是否合法,并判断内容转移源客户端是否已经获得将被转移内容的许可证,并进一步判断拥有内容转移源客户端的用户是否真地拥有内容转移目标客户端;创建内容拷贝证书;以及向内容转移源客户端提供内容拷贝证书。 13. A method for providing a license to use the content, wherein the user may have two or more clients, and each client according to licenses legitimately obtained by using the content, said method comprising steps of: obtaining and transfer content from the source client in relation to the transfer of the license ID and content transfer client ID of the target client; determine the contents of the transfer source client is legal, and determine whether the contents of the transfer source client has received will be transfer the contents of the license, and has further determine whether the contents of the transfer source user of the client really has the content transfer target clients; create a copy of the contents of the certificate; and transferring the source client to provide content to copy the contents of the certificate.
CN 200380100361 2003-01-23 2003-12-24 Contents delivery system, information processing apparatus or information processing method and computer program CN1326053C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2003014245A JP3791499B2 (en) 2003-01-23 2003-01-23 Content delivery system, the information processing apparatus or the information processing method, and computer program

Publications (2)

Publication Number Publication Date
CN1692339A CN1692339A (en) 2005-11-02
CN1326053C true CN1326053C (en) 2007-07-11

Family

ID=32767387

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200380100361 CN1326053C (en) 2003-01-23 2003-12-24 Contents delivery system, information processing apparatus or information processing method and computer program

Country Status (7)

Country Link
US (1) US20050144019A1 (en)
EP (1) EP1586999A1 (en)
JP (1) JP3791499B2 (en)
KR (1) KR20050101108A (en)
CN (1) CN1326053C (en)
AU (1) AU2003296093A1 (en)
WO (1) WO2004066154A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009030158A1 (en) * 2007-08-28 2009-03-12 Huawei Technologies Co., Ltd. Content sharing method, server and system

Families Citing this family (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050138407A1 (en) * 2003-12-19 2005-06-23 Nitu Choudhary Method and apparatus to manage digital rights
EP1700182B1 (en) * 2003-12-30 2009-06-17 Wibu-Systems AG Authorization code recovering method
US7711868B2 (en) * 2004-11-23 2010-05-04 Microsoft Corporation Waking a main computer system to pre-fetch data for an auxiliary computing device
EP1819162A4 (en) * 2004-11-30 2010-04-14 Nec Corp Video/audio recording system, video/audio recording device, receiving device, video/audio recording method, and video/audio management program
US20060143126A1 (en) * 2004-12-23 2006-06-29 Microsoft Corporation Systems and processes for self-healing an identity store
US20060155716A1 (en) * 2004-12-23 2006-07-13 Microsoft Corporation Schema change governance for identity store
US7529931B2 (en) * 2004-12-23 2009-05-05 Microsoft Corporation Managing elevated rights on a network
US7607164B2 (en) * 2004-12-23 2009-10-20 Microsoft Corporation Systems and processes for managing policy change in a distributed enterprise
JP4701733B2 (en) * 2005-02-04 2011-06-15 パナソニック株式会社 Management server, equipment and license management system,
US7533808B2 (en) * 2005-02-09 2009-05-19 Yuh-Shen Song Privacy protected cooperation network
US8407746B2 (en) * 2005-02-16 2013-03-26 Qwest Communications International Inc. Wireless digital video recorders—content sharing systems and methods
US8590000B2 (en) * 2005-02-16 2013-11-19 Qwest Communications International Inc. Wireless digital video recorder
US8613037B2 (en) * 2005-02-16 2013-12-17 Qwest Communications International Inc. Wireless digital video recorder manager
KR100917997B1 (en) * 2005-02-22 2009-09-18 (주)엠더블유스토리 The new reconstruction method of original files which supports managements of copyrights and the P2P system and the copy detection system based on this method
US7540014B2 (en) 2005-02-23 2009-05-26 Microsoft Corporation Automated policy change alert in a distributed enterprise
WO2006095726A1 (en) * 2005-03-11 2006-09-14 Brother Kogyo Kabushiki Kaisha Information distribution system, node device, and release data issuing method, etc.
JP4760101B2 (en) 2005-04-07 2011-08-31 ソニー株式会社 Content providing system, content reproduction apparatus, a program, and a content reproducing method
KR100754189B1 (en) * 2005-11-01 2007-09-03 삼성전자주식회사 Information storage medium recording digital contents, method and system for managing digital contents
JP4765574B2 (en) * 2005-11-18 2011-09-07 ブラザー工業株式会社 Content distribution system, a content receiving apparatus, and program
KR20080074954A (en) * 2005-12-05 2008-08-13 톰슨 라이센싱 Method and apparatus for key distribution for secure digital cinema presentations
US20070157317A1 (en) * 2005-12-30 2007-07-05 Microsoft Corporation XML schema for service provisioning
EP2458888A3 (en) * 2006-01-03 2013-09-25 Samsung Electronics Co., Ltd. Method and apparatus for importing content
KR100856404B1 (en) 2006-01-03 2008-09-04 삼성전자주식회사 Method and apparatus for importing a content
US20070260551A1 (en) * 2006-01-13 2007-11-08 Andreas Eckleder Media Burning Terminal and System for Providing Digital Content
KR100791289B1 (en) 2006-01-31 2008-01-04 삼성전자주식회사 Method and apparatus for using DRM contents temporally
US8978154B2 (en) * 2006-02-15 2015-03-10 Samsung Electronics Co., Ltd. Method and apparatus for importing content having plurality of parts
KR100782847B1 (en) * 2006-02-15 2007-12-06 삼성전자주식회사 Method and apparatus for importing content which consists of a plural of contents parts
US20070199015A1 (en) * 2006-02-22 2007-08-23 Microsoft Corporation System for deferred rights to restricted media
KR20080106440A (en) * 2006-04-05 2008-12-05 가부시키가이샤 훼이스 Content providing system
KR100925731B1 (en) * 2006-04-05 2009-11-10 엘지전자 주식회사 Method and device for transferring rights object in drm
KR100819495B1 (en) * 2006-04-11 2008-04-07 엘지전자 주식회사 Authorization method for moving rights object in drm and device thereof
CN101496341B (en) 2006-07-27 2011-11-30 松下电器产业株式会社 A terminal apparatus, a server apparatus and a content distribution system
US7895311B1 (en) * 2006-11-17 2011-02-22 Arthur W. Juenger Content distribution systems
US20080147530A1 (en) * 2006-12-19 2008-06-19 Kwan Shu-Leung Programmatically transferring applications between handsets based on license information
CN101286994B (en) 2008-05-19 2012-07-04 北京大学 Digital literary property management method, server and system for content sharing within multiple devices
JP2010061252A (en) * 2008-09-02 2010-03-18 Panasonic Corp Server, client, license management system, and license management method
US9268735B2 (en) * 2008-09-30 2016-02-23 Oracle America, Inc. Loadable and modular conditional access application
CN101458747B (en) * 2008-12-24 2011-09-14 华为终端有限公司 Method and apparatus for providing digital copyright list
JP4884509B2 (en) * 2009-09-29 2012-02-29 株式会社ソニー・コンピュータエンタテインメント Content management server, content management systems, and content management method
ES2628224T3 (en) * 2010-05-21 2017-08-02 Sfnt Germany Gmbh Method for controlling the execution of an application on a computer system
JP5473146B2 (en) * 2010-12-24 2014-04-16 東芝テック株式会社 Software protection method
US20140150115A1 (en) * 2012-11-28 2014-05-29 Apple Inc. Assigning electronically purchased items of content to users
US9424405B2 (en) 2012-11-28 2016-08-23 Apple Inc. Using receipts to control assignments of items of content to users
WO2015048389A1 (en) * 2013-09-26 2015-04-02 Krimmeni Technologies, Inc. Systems and methods for establishing and using distributed key servers
US9893769B2 (en) * 2013-12-03 2018-02-13 Sony Corporation Computer ecosystem with temporary digital rights management (DRM) transfer
CN103747051A (en) * 2013-12-24 2014-04-23 深圳市领华卫通数码科技有限公司 Service platform of vehicle-mounted terminal
CN105024970B (en) * 2014-04-18 2018-07-13 中国电信股份有限公司 The control method for application data is copied, system, client and server
KR101636709B1 (en) * 2014-07-25 2016-07-20 주식회사 드림시큐리티 System for providing connection information using identifier generation based on personal information, method of providing connection information, and apparatus for the same
CN106961413A (en) * 2016-01-08 2017-07-18 广州市动景计算机科技有限公司 Content distribution method and device, electronic device and content distribution system

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000123095A (en) * 1998-08-12 2000-04-28 Nippon Telegr & Teleph Corp <Ntt> Electronic ticket recording medium and processing method and processor
JP2001078266A (en) * 1999-06-29 2001-03-23 Sanyo Electric Co Ltd Information distribution system
JP3659090B2 (en) * 1999-10-29 2005-06-15 日本電信電話株式会社 Storage medium and an electronic information distribution method storing electronic information distribution system and an electronic information distribution program
JP2002082934A (en) * 2000-09-07 2002-03-22 Toshiba Corp History managing method and storage medium
JP4554801B2 (en) * 2000-11-29 2010-09-29 コロムビアミュージックエンタテインメント株式会社 Data terminal equipment
JP2002259605A (en) * 2001-02-26 2002-09-13 Sony Corp Device and method for information processing and storage medium
JP2002372976A (en) * 2001-06-13 2002-12-26 Sony Corp Data transfer system, data transfer device, data recorder and charge processing method
US7203966B2 (en) * 2001-06-27 2007-04-10 Microsoft Corporation Enforcement architecture and method for digital rights management system for roaming a license to a plurality of user devices
US7149545B2 (en) * 2002-05-30 2006-12-12 Nokia Corporation Method and apparatus for facilitating over-the-air activation of pre-programmed memory devices

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009030158A1 (en) * 2007-08-28 2009-03-12 Huawei Technologies Co., Ltd. Content sharing method, server and system

Also Published As

Publication number Publication date
AU2003296093A1 (en) 2004-08-13
JP3791499B2 (en) 2006-06-28
WO2004066154A1 (en) 2004-08-05
US20050144019A1 (en) 2005-06-30
CN1692339A (en) 2005-11-02
EP1586999A1 (en) 2005-10-19
KR20050101108A (en) 2005-10-20
JP2004227283A (en) 2004-08-12

Similar Documents

Publication Publication Date Title
US8887308B2 (en) Digital cloud access (PDMAS part III)
US8667299B2 (en) Preventing unauthorized distribution of media content within a global network
CN100459780C (en) Robust and flexible digital rights management involving a tamper-resistant identity module
RU2375748C2 (en) Presentation of protected digital content in computer network or similar
RU2352985C2 (en) Method and device for authorisation of operations with content
US7073063B2 (en) Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out/checking in the digital license to/from the portable device or the like
US7836311B2 (en) Information processing apparatus, information processing method, and computer program used therewith
CN103366102B (en) Digital rights management system for content delivery and distribution
CN100517351C (en) Licensing the use of software to a particular user
US7010808B1 (en) Binding digital content to a portable storage device or the like in a digital rights management (DRM) system
CN1665184B (en) Using a flexible rights template to obtain a signed rights label (SRL) for digital content
US8261073B2 (en) Digital rights management method and apparatus
US7343495B2 (en) Information recording apparatus, information reproducing apparatus, and information distribution system
CN1296846C (en) Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method
KR100236697B1 (en) Software copying system
US6195432B1 (en) Software distribution system and software utilization scheme for improving security and user convenience
US6801999B1 (en) Passive and active software objects containing bore resistant watermarking
US6636966B1 (en) Digital rights management within an embedded storage device
EP1625479B1 (en) Method and system for controlled media sharing in a network
US7155415B2 (en) Secure digital content licensing system and method
US7059516B2 (en) Person authentication system, person authentication method, information processing apparatus, and program providing medium
US6990684B2 (en) Person authentication system, person authentication method and program providing medium
US7260721B2 (en) Information processing method, information processing apparatus and recording medium
US7325139B2 (en) Information processing device, method, and program
US6898706B1 (en) License-based cryptographic technique, particularly suited for use in a digital rights management system, for controlling access and use of bore resistant software objects in a client computer

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted
C17 Cessation of patent right